Internet Security vulnerabilities! LED bulb was invaded, but fortunately has been repaired

The British security research firm Context Information Security issued a statement warning all things related to the company said, produced by LIFX company, support wireless networking LED bulb exists security risks. Obviously, in this wave of Internet of things, these devices require network connectivity, in terms of security requirements, and did not reach their priority level. Context research director Michael Jordon said. "We also found a number of security vulnerabilities in other devices such as home storage devices, printers, and baby monitors. The security standards for the Internet of things need to be taken seriously, especially before the companies are ready to connect important devices to the system. "Jordon supplement.

These are produced by the new technology company LIFX LED bulbs, using 802.15.46LoWPAN network, so that the lamp can be connected to the Wi-Fi through the phone App link remote control. As long as you listen to network packets, you can find the encrypted network settings information through these bulbs. Basically, you want to use knowledge of encryption, Context company must be two micro control system unit (TI and STM, both Cortex-M3 and JTAG) for testing port connection, but a link, you can read the key encryption algorithm, and wireless mesh network protocol. This information will allow a company or enterprise to be able to put into a network packet, which will not be detected.

Then Context and LIFX cooperation has released a firmware update, patched this loophole, now all 6LoWPAN networks are required to use the encryption key from the Wi-Fi certification and LIFX import, the new production of the bulb has also joined this security mechanism.

"It is not a trivial matter, but it can cause cyber crime. "Jordon explains," in some cases, these weaknesses can be easily reinforced, as LIFX developers have demonstrated. In other cases, these vulnerabilities may exist in the foundation of product design. The most important of these safety measures must be established from the beginning, in possession of networking equipment, although it seems there are a lot of things, there are such problems, but when the safety problem is found, the user can suffer before repair. "Jordon stresses.