Osram Smart Light Bugs Affect Wi-Fi Security


A hack of your computer is bad enough, but how about your lights?

Security researchers at Rapid7 discovered several vulnerabilities in the Osram Sylvania Lightify products. One of the more concerning bugs would have allowed an attacker who stole a device with access to the app to see a home network's Wi-Fi pre-shared key in plain text. In addition, Rapid7 discovered that attackers could conduct man-in-the-middle attacks and expose a person's traffic to the hacker. Rapid7 even found issues that could allow hackers to change lighting and reconfigure a lighting setup.

On the Pro side, hackers could see a password in clear text without any trouble.

"Nine issues affecting the Home or Pro versions of Osram Lightify were discovered, with the practical exploitation effects ranging from the accidental disclosure of sensitive network configuration information, to persistent cross-site scripting (XSS) on the Web management console, to operational command execution on the devices themselves without authentication," the security firm said in a statement.

Based on the timeline provided by Rapid7, the security firm contacted Osram on May 16, and Osram ultimately patched the majority of the nine issues. However, as of this writing, two remain unpatched: the lack of SSL pinning and the issues related to ZigBee rekeying.

Osram did not immediately respond to a request for comment.

Osram Lightify provides indoor and outdoor lighting products that can be controlled via a mobile app. Similar to the Philips Hue series, the technology is designed for users to set moods, brightness, and other lighting controls from their apps. In this case, Home and Pro versions were affected.
