“It is clear that in the dash to get onto the IoT bandwagon, security is not being prioritised as highly as it should be in many connected devices,” said Context research director Michael Jordon. “We have also found vulnerabilities in other internet connected devices from home storage systems and printers to baby monitors and children’s toys. IoT security needs to be taken seriously, particularly before businesses start to connect mission critical devices and systems.”
These bulbs, from Lifx, implement a wireless 802.15.4 6LoWPAN mesh network, with one bulb acting as a bridge Wi-Fi for remote control by smartphone. Monitoring packets on the network enabled context to spot which ones shared encrypted network configuration among the bulbs.
Essentially, to understand the encryption used, Context had to connect wires to JTAG ports on two of the system microcontrollers (one TI and one STM, both Cortex-M3).
Once connected, it was able to read the encryption algorithm, key, initialisation vector and mesh network protocol.
This information enabled the firm to inject packets into the network to finish the job - all of which was done without being detected.
Context, with Lifx, has developed a patch which is available as a firmware update.
Now all 6LoWPAN traffic is encrypted using key derived from Wi-Fi credentials, and new bulbs join the network in a secure way.
“Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals,” said Jordon. “In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases the vulnerabilities are fundamental to the design of the products. What is important is that these measures are built into all IoT devices from the start and if vulnerabilities are discovered, which seems to be the case with many IoT companies, they are fixed promptly before users are affected.”