Installing Osram Lightify smart bulbs could gift wrap your Wi-Fi password to hackers

By Rick Stella Updated July 27, 2016

osram smart bulbs vulnerable to hacks osram2 — Osram

Like a setting out of a horror movie, a recent discovery of potential security flaws in Osram’s Lightify smart light bulbs may give hackers the ability to remotely operate a user’s lights, and even control their network, without asking for approval. Perhaps even more critical, the vulnerabilities — of which nine were found by a security researcher at Rapid7 — could also give unwanted visitors access to a home’s Wi-Fi network. Deral Heiland, the researcher who happened upon the cracks in Osram’s armor, has reportedly informed the manufacturer of the flaws, and has stated that a simple software update coming out in August should fix the problem.

Of the nine vulnerabilities found by Heiland, the one likely responsible for the bulk of the problem lies with the smart bulb’s companion application, which stores unencrypted copies of an owner’s Wi-Fi password. Because of this, hackers could easily obtain this information via the app, which would grant them access to anything connected to the Wi-Fi network. In other words, this is bad.

Osram1 — Osram

“This is not just about being able to manipulate the light bulbs,” said University College London cybersecurity expert, Professor Angela Sasse. “The vulnerabilities here could give somebody access to control the network itself and that’s a very serious issue. In this day and age, you would regard that as an unacceptable security flaw. It’s a well known thing that you don’t store passwords like that — it’s really elementary.”

Currently, the company says it continues to analyze potential issues with its products and that most of the flaws will likely be resolved come August. For the remaining risks — which reportedly surround the companion ZigBee Hub — the company says it’s working to find a way to develop yet another patch, though it’s uncertain what the patch would actually target.

As smart home technology continues to grow, one of the most important aspects consumers look for is a device’s built-in security. Unfortunately for Osram, until it fixes its issue of unencrypted Wi-Fi passwords, it’s likely few people will be knocking down its door to install a Lightify system.

Topics

Former Digital Trends Contributor

Rick became enamored with technology the moment his parents got him an original NES for Christmas in 1991. And as they say…

Smart Home

How smart tech can improve your 4th of July BBQ

philips hue outdoor range

Last year, you had to jealously attend your older brother's 4th of July gathering. You wanted to host the party, but he insisted. But the chump ran out of beer, had to order pizzas because he forgot to buy the burgers, and had a screaming match with your father about politics. Capri-Sun in hand, you sit in your lawn chair, holding back a devilish grin, and thinking: Next year will be my year.

So with Independence Day 2022 just several days away, if you're gearing up for an unforgettable 4th of July event, and need to come up with a few ways to wow your guests and put big bro in his place. Our suggestion? Break out your Wi-Fi password, put your sibling rivalry aside, and deliver the best 4th of all time with some of these amazing smart home devices and features.
Illuminate the night with smart lighting

Smart Home

Smart homes without Wi-Fi: Huge possibilities or roadblocks?

Amazon Echo Show 15 hanging horizontally on the wall.

When it comes to smart home automations, there really isn't much that can't be done these days. From the moment you wake in the morning to the final minutes before bed, by issuance of a few simple voice commands, you can check your daily schedule, raise and lower blinds, fire up a pot of coffee, stream news radio, lock and unlock doors, initiate a video call, and so much more.
And as product developers are continuing to roll out new and innovative features, today's leading smart home devices are getting easier to use, more efficient, and -- you guessed it -- smarter. With innovation around every turn, what could possibly be improved upon?
Our hot take: The reliance on our Wi-Fi networks to operate this equipment.

The Internet of Things and ecosystems
The vast majority of smart home devices require a web connection, which is why this class of consumer tech and its related peripherals are often referred to as Internet of Things (IoT) components. While this label can be applied to essentially any hardware that has the capability of connecting to the internet, the phrase takes on a new meaning when discussing smart devices.

Smart Home

Why moving your smart home could be a nightmare

Philips Hue Appear Outdoor smart light.

The smart home concept is a great thing: It allows us to automate things from lighting to temperature, make video calls while we prepare dinner, and get answers to questions instantly. In its current state, it has one fatal flaw, however: The smart home is not really meant to move.
What to know about moving smart home gadgets
Think about it: Some of us have literally dozens of devices including lights, thermostats, robot vacuums, speakers, security cameras, wireless alarm systems, and more. How would you go about removing, relocating and reconnecting all those devices to Wi-Fi in a new house if you ever need to move? On the surface, it sounds daunting.
Use of adhesives in smart home products
Some smart lighting, in particular LED strip lighting like that from LIFX, Philips Hue and Govee, attaches with adhesive tape to the underside of cabinets, the back of TVs, headboards, and even bathroom mirrors. Does that mean you can’t take it with you?

It’s possible to remove adhesive with the right product -- Goo Gone comes to mind -- but it could leave a mess behind that requires painting, patching or touch-ups and only adds to your moving checklist. In the past, I’ve used 3M Command adhesive strips as opposed to the sticky tape included on smart lights to stick them into place, and this allows easy relocation if necessary.