Hacking Into Internet-Connected Light Bulbs Reveal Wi-Fi Passwords

Ever since the initiation of the internet as a vital part of living, the prospect of online crimes was considered to increase. Over the years, this has proven true. From the beginnings of online criminal activity with pirating licensed products, especially through LimeWire, to an anonymous entity (could be one or more people) protesting the spending for the 2014 FIFA World Cup by hacking into government websites, internet security has also become a vital part of living. Though by being connected all the time, we run the gamut of having one single person control everything.

Fortunately for the common person who uses electronics, there are plenty of built-in defenses and securities. However, how and why were they made in the first place? Usually when there is a law or a rule enacted, including the weird ones, it must have been because at one point in history, somebody actually did something to enact that law or rule right? That was how internet security used to be, but we now have people known as “white-hat” hackers. These hackers actually work with companies that make internet-connected devices and try to find hacks. They then build the necessary software (or hardware) to prevent the hack from happening out in public.

And now white-hat hackers with the security firm Context have found another hack that could be troublesome for people: attaining Wi-Fi passwords to locked internet connections with internet-connected light bulbs.

Internet Lights

The results were posted up on Context’s official site in which they were able to obtain Wi-Fi credentials up to 30 meters away. The LIFX lightbulb, which is considered another addition to the “Internet of Things” allows users connected to a network-connected bulb to change its color and strength from a computer or a cell phone. Context themselves detailed this in their post:

“Armed with knowledge of the encryption algorithm, key, the initialization vector and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence.”

The Daily Sheeple provides insight of the inherent dangers in having countless home appliances connected to the internet. Experts predict there will be up to fifty such devices in the average home by the year 2022. As of now, we already have connected televisions, connected kitchen appliances, connected phones, and of course computers, laptops, and tablets. Why earlier on The Inquisitr, we reported on Japan’s smart toilets which are also connected to the internet too!

To help enforce the above fears, Ars Technica had this to state in their article:

“Weaknesses in a popular brand of light system controlled by computers and smartphones can be exploited by attackers to cause blackouts that are remedied only by removing the wireless device that receives the commands…”

LIFX has said they have fixed the vulnerability but it is still a frightening thought that internet (and personal) privacy can be compromised simply through household items, such as light bulbs, just because they are connected to the internet. I am sure people would hate to hear their internet passwords were hacked thanks to a neighbor’s light bulb or their internet lights flicker on and off because someone was playing a round of Flappy Bird in the area.

[Images via Context and Bing]