According to a blog post published over the weekend, LIFX has updated the firmware used to control the bulbs after researchers discovered a weakness that allowed hackers within about 30 meters to obtain the passwords used to secure the connected Wi-Fi network. The credentials are passed from one networked bulb to another over a mesh network powered by 6LoWPAN, a wireless specification built on top of the IEEE 802.15.4 standard. While the bulbs used the Advanced Encryption Standard (AES) to encrypt the passwords, the underlying pre-shared key never changed, making it easy for the attacker to decipher the payload.
“Armed with knowledge of the encryption algorithm, key, initialization vector, and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the Wi-Fi details, and decrypt the credentials, all without any prior authentication or alerting of our presence,” researchers from security consultancy Context wrote.
BusBlaster JTAG debugger.
The post underscores the futility of relying on obscurity to prevent hacking attacks. Sadly, the approach, known as security through obscurity, underpins much of today’s Internet of things offerings. Version 1.1 of the LIFX firmware was unavailable for download, making it hard for hackers to reverse engineer it and uncover the types of crypto weaknesses that exposed the Wi-Fi credentials. The Context engineers found a way around this hurdle. They undertook the painstaking process of removing the microcontroller embedded inside each bulb and connecting different JTAG pins to special debugging hardware to monitor the signals that were sent when lightbulbs were added to or removed from a network. “At this point we can merrily dump the flash memory from each of the chips and start the firmware reverse engineering process,” the researchers wrote.
To its credit, LIFX responded proactively to the discovery by Context. Version 1.3 of the firmware now encrypts all 6LoWPAN traffic using an encryption key derived from the Wi-Fi credentials. It also includes functions for secure processing when new bulbs join a network. But given its war chest of $1.7 million, it’s unfortunate the company didn’t catch the crypto weakness on its own before the bulbs were available for public consumption. Software updates of any type are a hassle for many people, and firmware fixes are often even more difficult or risky.
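The difference between a constant shipped in every firmware image and a key scoped to one network, as an added Python sketch that is not LIFX's or Context's code. The article does not say how version 1.3 derives or uses its key, so PBKDF2 with the SSID as salt and HMAC-SHA256 frame tags (authentication rather than AES encryption) are assumptions, and the key, network names and payloads are constructed.

```python
import hashlib
import hmac

# Constructed stand-in for a constant baked into every firmware image (not a real key).
FIRMWARE_KEY = bytes(16)
TAG_LEN = 32  # HMAC-SHA256 output size


def derive_mesh_key(ssid: str, passphrase: str, iterations: int = 4096) -> bytes:
    """Derive a 128-bit per-network key (assumed scheme: PBKDF2, SSID as salt)."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), ssid.encode(), iterations, dklen=16
    )


def seal(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC tag so receivers can reject frames made without the key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def open_frame(key: bytes, frame: bytes):
    """Return the payload if the tag verifies under `key`, otherwise None."""
    if len(frame) < TAG_LEN:
        return None
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    home = derive_mesh_key("HomeNet", "correct horse battery staple")
    other = derive_mesh_key("CafeNet", "another long passphrase")
    frame = seal(home, b"set-colour:warm-white")
    return {
        # A bulb that holds the network's credentials accepts the frame.
        "member_accepts": open_frame(home, frame) == b"set-colour:warm-white",
        # A key from a different network is useless here.
        "other_network_rejected": open_frame(other, frame) is None,
        # Knowing the firmware-wide constant no longer helps.
        "firmware_constant_rejected": open_frame(FIRMWARE_KEY, frame) is None,
        # A frame built with only the constant is dropped by members.
        "injected_frame_rejected": open_frame(home, seal(FIRMWARE_KEY, b"x")) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

A key derived this way is only as strong as the Wi-Fi passphrase it comes from, so a weak passphrase still leaves the mesh traffic open to offline guessing.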
Marketers would have people believe they’re missing out unless their refrigerators, thermostats, and other traditional appliances are connected to the Internet. Yet over and over, these devices have been shown to introduce networking and privacy threats not present in non-networked iterations. Microsoft, Apple, and Google devote huge amounts of resources to ensuring their wares and services are secure. Manufacturers pursuing Internet of things riches would do well to apportion a similar percentage of their means to securing these devices.
12 Comments
it's complicated though
These dudes should be paid a lot
Kali Linux is available for a good Android phone right now. With some driver tweaks (unfortunately not every phone will be receiving those drivers) you can do pretty much everything this bulb does, including packet injection.
I believe that in a couple of years, every average hacker with wireless cracking capabilities will be able to hack Wi-Fi from their smartphone. Just probably not the big bad brute force password stuff… that would consume a lot of time.
I already can with one click of a button. Purely for penetration testing of course haha. Seeing how much the public wants everything to be connected to the internet makes me worried about the future, as it is, everything around us is easily hackable given the right amount of time, whether it be seconds or hours. To make everything in your house vulnerable to attacks seems a little nonsensical to me.
$$$$$$$$$$$$$$$$$$$$$
🙁
🙁
very expensive
pls help me to reinstall my nokia 2700c software and certificate
How on earth did you manage to delete it in the first place, just out of curiosity?
So curious on how he did dat also
how to access any website source page
right click any website and click on “view page source”
how to hack wifi password. tell that tool. for i phone tab