Smart lightbulbs not so smart. Vulnerable to persistent XSS.

1. 2017-01-06 at 8:07 PM UTC

   #1
   

   Sophie Pedophile Tech Support
   Toppest of keks, that's what you get with your IoT clusterfuck on security.
   
   As per usual, Rapid7 has a very nice analysis on the situation.
   
   https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059
2. 2017-01-06 at 11:23 PM UTC

   #2
   The Self Taught Man Black Hole
   Hack it to stobe and trigger epilepsy
3. 2017-01-06 at 11:27 PM UTC

   #3
   The Self Taught Man Black Hole

   Originally posted by SCronaldo_J_Trump Hack it to stobe and trigger ecstacy

   
   
4. 2017-01-07 at 2:47 AM UTC

   #4
   Merlin Houston
   I like the future. Smells like money. Just imagine 2/3 of the world (nogs) don't have internet, it's going to be a shit show worse than grandpa forwarding "muh racist emails".
5. 2017-01-09 at 5:11 AM UTC

   #5
   

   0Death Yung Blood
   Hah, imagine a botnet of lightbulbs. Quite a bright idea, don't you think?
   ...
   Jokes aside, this is just crazy stupid how bad IoT security is. Sometimes I don't get why these developers always get it so wrong with the security. What's so special with IoT that always makes the software so insecure anyway?
   
   Nice find, interesting read.
   
   Post last edited by 0Death at 2017-01-09T05:31:47.653048+00:00
6. 2017-01-09 at 5:29 AM UTC

   #6
   

   aldra JIDF Controlled Opposition
   doesn't even seem worth the whitepaper, really. the only thing I'd even be vaguely concerned about is the weak PSK, meaning that potentially someone nearby could crack it and bridge into your home WLAN but it doesn't look like that's the default configuration anyway. I believe the zigbee attack implies that it's on a network with other 'iot' nodes, but having an 'ecosystem' of devices like that (as technofags are wont to say) opens you up to a whole plethora of security concerns most people don't consider.