A new version of the firmware has fixed the issue after security researchers, or ‘white-hat hackers’ discovered that Wi-Fi passwords could be obtained within 30 metres of a connected LIFX network.
Although traffic was encrypted, the way that data was transferred between lamps made it possible for an intruder to decipher it. In order to do this, the researchers first had to reverse engineer LIFX’s firmware, which meant dismantling a lamp and extracting data from its memory.
As well as encrypting all traffic, LIFX’s new firmware includes functions for secure processing when new lamps join a network.
LIFX said in a blog post: ‘There was a potential security issue regarding the distribution of network configuration details on the mesh radio but no LIFX users have been affected that we are aware of.’
Last year, researcher Nitesh Dhanjani said vulnerabilities in Philips’ Hue wireless controller’s authentication system could enable malware on the computer network to control the lights – but Philips said the risk was ‘very limited’.