Serious security flaws found in Osram smart bulbs – ZDNet

Your home might be smart, but it might not be so secure.

Researchers have found that popular home lighting system Osram Lightify has a number of severe security flaws that could leave users vulnerable to attack.

Deral Heiland, principal security consultant at security firm Rapid7, explained in an email this week that the vulnerabilities can be used to attack home and enterprise networks and, if fully exploited, could allow an attacker to pivot into an internal network.

The security firm said in an advisory that one of the worst flaws could allow an attacker to “take control of a product” in order to launch attacks against a browser by allowing the injection of persistent JavaScript and web-based HTML code into the web management interface.

That could lead to browser-based attacks against a user.

Another severe weakness in the smart home device allows an attacker to identify the wireless network’s password. The devices use short, eight-character codes, which can be easily cracked within a matter of minutes or hours.

Osram, a Germany-based company, remains a mid-level smart lighting player, behind Philips Hue and Belkin. The company didn’t comment on the findings at the time of writing. (If that changes we’ll update the story.)

It’s not the first time a smart home tech company has fallen at the first security hurdle.

Smart home technology has seen an intense focus in recent months, given the explosion in the Internet of Things space. Manufacturers of these internet-connected devices have, however, faced criticism for putting functionality over security. Common flaws in smart home devices can allow hackers to collect data or conduct surveillance.

Heiland said that Osram indicated that the next round of patches would fix all the flaws, with the exception of two lesser flaws.

