Nine security holes, four of them still unpatched, have been found in the Osram smart light bulb system, potentially giving attackers access to a home or corporate network.
The issues in the Lightify Home and Pro systems range from cross-site scripting (XSS) to problems with the ZigBee and SSL protocols to insecure encryption key handling. They were discovered by security company Rapid7.
Security wasn't an afterthought - it wasn't thought of at all.Some of the programming bugs are pretty amateurish, raising the larger question of what kind of security review the products go through before being put on the market.
My recommendation is to assume that any "smart" appliance is an open door to hackers.