Wednesday, July 27, 2016

"Smart" lightbulbs are pretty stupid

From a security perspective, that is:
Nine security holes, four of them still unpatched, have been found in the Osram smart light bulb system, potentially giving attackers access to a home or corporate network. 
The issues in the Lightify Home and Pro systems range from cross-site scripting (XSS) to problems with the ZigBee and SSL protocols to insecure encryption key handling. They were discovered by security company Rapid7. 
Some of the programming bugs are pretty amateurish, raising the larger question of what kind of security review the products go through before being put on the market.
Security wasn't an afterthought - it wasn't thought of at all.

My recommendation is to assume that any "smart" appliance is an open door to hackers.

1 comment:

Archer said...

Murphy's laws dictate, among other things:
- Leak-proof seals, will.
- Self-starters, will not.
- Interchangeable parts, won't.

I think it is officially time to add:
- "Smart" devices, ain't.