News
IoT light bulb manufacturer, LIFX, responds to security issues
Now your LIFX bulbs are more secure….hopefully.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
You’ve probably seen all the articles floating around recently about insecure IoT light bulbs. The short version is that credentials like Wi-Fi passwords and the information needed to control the device remotely are saved in plaintext, so they’re easily accessible to anyone with physical access.
Another one of the companies mentioned, LIFX, reached out to us after the piece ran to state that it has been working with the researcher at Limited Results who discovered the vulnerabilities in its light bulbs and that all the vulnerabilities discovered had been fixed with firmware updates towards the end of 2018.
LIFX has set up a dedicated security page with a brief Q&A section, along with instructions to get the updates if your devices haven’t already automatically updated.
If you have any LIFX lights, open up your LIFX app, and you should get a prompt to download and update the firmware.
That updated firmware brings resolution to the vulnerabilities discovered by Limited Results:
- Wi-Fi credentials are now stored encrypted
- The hardware now has extra security settings to guard against attack
- The root certificate and RSA private key are now stored encrypted
It’s refreshing to see a company so willing to talk about working with security researchers to resolve vulnerabilities in its products. While you could argue that LIFX should have encrypted this data in the beginning, the company should be commended for its handling of this situation.
LIFX also offers the use of its security team if any of its customers feel their account may have been compromised or if they suspect any fraudulent behavior. If this sounds like you, reach out to LIFX with the instructions given.
Do you think you were affected by this? Have any thoughts? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- IoT light bulb manufacturer, Tuya, responds to security issues
- What does the future of IoT and cyber security hold for us?
- 500 million Marriott hotel guests have had their data exposed in a massive data breach
- 500 million Marriott hotel guests have had their data exposed in a massive data breach
Follow us on Flipboard, Google News, or Apple News
