LIFX responds to security vulnerabilities in HomeKit smart bulbs saying fixed in Q4 2018
LIFX has responded to the recent revelation of serious security flaws within its White mini HomeKit-enabled bulbs, saying all three issues were fixed at the tail-end of 2018.
LIFX Mini white
Wednesday, AppleInsider noted that major vulnerabilities existed within popular LIFX HomeKit smart bulbs. LIFX has now responded to the request for comment, noting that all of the security issues found were fixed at the end of 2018.
"The vulnerabilities outlined in the Limited Results report have been addressed at the end of 2018," LIFX told AppleInsider in a statement. "We have added security measures, including the introduction of encryption."
Since publication, LIFX has also debuted a new page on their website devoted to security that sheds additional light on changes that were made.
Specifically, Wi-Fi credentials, root certificates, and the RSA private key are now encrypted where they weren't before, alongside new security settings. The updates came in a firmware update and app update in the fourth quarter of 2018.
The firmware patch wasn't forced on users, so AppleInsider recommends making sure that you have performed the update on LIFX gear. Additionally, if you have a dead LIFX bulb that is no longer functioning and want to be sure that your Wi-Fi credentials can't be stolen, LIFX recommends changing your Wi-Fi SSID and password.
The vulnerabilities originally detailed were serious, but could only be exploited if a hacker had physical access to the bulb and some electrical and programming knowledge. The bulb also gets destroyed in the process of accessing that information.
LIFX Mini white
Wednesday, AppleInsider noted that major vulnerabilities existed within popular LIFX HomeKit smart bulbs. LIFX has now responded to the request for comment, noting that all of the security issues found were fixed at the end of 2018.
"The vulnerabilities outlined in the Limited Results report have been addressed at the end of 2018," LIFX told AppleInsider in a statement. "We have added security measures, including the introduction of encryption."
Since publication, LIFX has also debuted a new page on their website devoted to security that sheds additional light on changes that were made.
Specifically, Wi-Fi credentials, root certificates, and the RSA private key are now encrypted where they weren't before, alongside new security settings. The updates came in a firmware update and app update in the fourth quarter of 2018.
The firmware patch wasn't forced on users, so AppleInsider recommends making sure that you have performed the update on LIFX gear. Additionally, if you have a dead LIFX bulb that is no longer functioning and want to be sure that your Wi-Fi credentials can't be stolen, LIFX recommends changing your Wi-Fi SSID and password.
The vulnerabilities originally detailed were serious, but could only be exploited if a hacker had physical access to the bulb and some electrical and programming knowledge. The bulb also gets destroyed in the process of accessing that information.
Comments