The Philips Hue “smart lighting” system uses a dumb-as-a-sack-of-hammers device authentication scheme that allows anyone with the iPhone control app to issue instructions to the controller via HTTP. Security wasn't an afterthought; it wasn't thought of at all. Here's a video of the hack in action:
...
And Hue also has a “feature” that probably had the marketing team in a spasm of hypegasm when it was devised: users can set up “recipes” that let the lights respond to the state of other apps. For example, the hue of the Hue can be made to respond to the user's Facebook activity via a service called “If This Then That” (IFTTT).
If the lights' colour was set to respond to a tagged photo on Facebook, for example, then simply sending a black photo would activate the recipe and turn the lights off.
I'd call the Philips team a bunch of idiots, but that would be insulting to actual idiots.
6 comments:
What do you get when you spend $100 on a lightbulb?
Screwed?
Sorry, but I just can't find it in my conservative heart to feel sorry for some YUPPY who needs to spend $100 for a light bulb...because of the name.
BWAhahahahahahaha
Dave, LOL.
Kurt, word.
"... the $100 Philips Hue light bulb which is so exclusive that it's only sold to fanboys through the Apple Store"
Ahem.
Philips 431650 Hue Personal Wireless Lighting, Single Bulb, Frustration Free
Philips 431643 Hue Personal Wireless Lighting, Starter Pack, Frustration Free
You can even get Prime shipping on both.
Also, it seems kind of odd that a product sold only to fanboys in the Apple Store would have an official Android app.
On a note related to your "Security wasn't an after thought, it wasn't thought of at all" meme, it looks like Google's Chromecast is security free too - not even a simple PIN - but this time it's by deliberate design. They're assuming that users will have their wifi successfully secured, and that no one will want to use it in a commercial or shared network.