Serious security flaws found in Osram smart bulbs | ZDNet – ZDNet
Your home might be smart, but it might not be so secure.
Researchers have found that popular home lighting system Osram Lightify has a number of severe security flaws that could leave users vulnerable to attack.
Deral Heiland, principal security consultant at security firm Rapid7, explained in an email this week that the vulnerabilities can be used to attack home and enterprise networks, which if fully exploited could allow an attacker to pivot access into an internal network.
That could lead to browser-based attacks against a user.
Another severe weakness in the smart home device allows an attacker to identify the wireless network’s password. The devices use short, eight-character codes, which can be easily cracked within a matter of minutes or hours.
Osram, a Germany-based company, remains a mid-level smart lighting player, behind Philips Hue and Belkin. The company didn’t comment on the findings at the time of writing. (If that changes we’ll update the story.)
It’s not the first time a smart home tech company has fallen at the first security hurdle.
Smart home technology has seen an intense focus in recent months, given the explosion in the Internet of Things space. Manufacturers of these internet-connected devices have, however, faced criticism for putting functionality over security. Common flaws in smart home devices can allow hackers to collect data or conduct surveillance.
Heiland said Osram indicated that the next round of patches would fix all the flaws, with the exception of two lesser flaws.