While the “Internet of Things” has great potential, it also opens up new attack surfaces for those with nefarious intent to exploit. A good example of this was found by a security researcher last week. LIFX offers wifi controlled LED light bulbs that can be turned on an off as well as color adjusted via an iOS or Android app. In order to operate, the light bulbs must authenticate to the wireless network in the user’s home or office. The researcher found that it was possible to retrieve the wireless network password from the bulbs themselves, giving them access to the rest of the devices on the same network. LIFX has issued a patch to correct this issue, but this serves as a reminder that all of those new, whiz bang network connected devices are part of your network’s security perimeter. Many of these devices are coming from startup companies which may not have a security culture embedded in their development process. To be fair, the researcher had to do some fairly sophisticated to pull off this hack, but as IoT devices begin to proliferate, the payback for attackers will be worth the extra effort.
RSS - Posts