Security Analysis of the LIFX Smart Light Bulb

The security is terrible:

In a very short limited amount of time, three vulnerabilities have been discovered:

  • Wifi credentials of the user have been recovered (stored in plaintext in the flash memory).
  • No security settings. The device is completely open (no secure boot, debug interface not disabled, no flash encryption).
  • Root certificate and RSA private key have been extracted.

Boing Boing post.
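As an added illustration (not from the post, the Limited Results write-up or LIFX), here is the kind of release-time check a firmware team could run over a flash image to catch exactly the findings listed above: a PEM private key, a certificate or Wi-Fi credentials sitting in the clear. The `ssid=`/`psk=` settings layout and the sample image are constructed for the example and are not LIFX's real flash format.

```python
import re

# Patterns for secrets that must not appear in the clear in a firmware image.
# The key/value layout for Wi-Fi settings is an assumption for this example,
# not LIFX's actual flash format.
PEM_KEY_RE = re.compile(
    rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----.*?-----END (?:RSA |EC )?PRIVATE KEY-----",
    re.S,
)
PEM_CERT_RE = re.compile(rb"-----BEGIN CERTIFICATE-----")
WIFI_RE = re.compile(rb"(ssid|psk|passphrase)\s*[=:]\s*([\x20-\x7e]{1,64})", re.I)


def scan_firmware(blob: bytes):
    """Return (kind, offset, label) for every cleartext secret found in blob."""
    findings = []
    for m in PEM_KEY_RE.finditer(blob):
        findings.append(("private_key", m.start(), b"<redacted>"))
    for m in PEM_CERT_RE.finditer(blob):
        findings.append(("certificate", m.start(), b"<pem cert>"))
    for m in WIFI_RE.finditer(blob):
        # Report the field name only; the credential itself is never logged.
        findings.append(("wifi_credential", m.start(), m.group(1).lower()))
    return findings


def is_shippable(blob: bytes) -> bool:
    """Release gate: a private key or credential in the clear fails the image."""
    return not any(kind in ("private_key", "wifi_credential")
                   for kind, _, _ in scan_firmware(blob))


# Constructed sample image: erased-flash padding, a settings area and a dummy
# PEM block (not a real key), mimicking a dump with the post's three findings.
SAMPLE_IMAGE = (
    b"\xff" * 64
    + b"ssid=HomeNet\x00psk=correct horse battery\x00"
    + b"\x00" * 32
    + b"-----BEGIN RSA PRIVATE KEY-----\nNOTAREALKEYNOTAREALKEY\n-----END RSA PRIVATE KEY-----\n"
    + b"-----BEGIN CERTIFICATE-----\nNOTAREALCERT\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for kind, off, label in scan_firmware(SAMPLE_IMAGE):
        print(f"{kind:16s} at offset 0x{off:06x} {label.decode()}")
    print("shippable:", is_shippable(SAMPLE_IMAGE))
```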

Posted on January 30, 2019 at 10:00 AM

Comments

Sok Puppette January 30, 2019 10:44 AM

The real vulnerability here is, of course, the idea of putting a light bulb on the Internet to begin with.

More seriously, I’m prepared to believe that there are real problems here, but the article is breathless and very light on explaining impact.

Why is it terrible if I can reflash a light bulb given physical access? I am REALLY having trouble generating any outrage over the ability to JTAG a light bulb. In fact I would prefer to be able to JTAG my own light bulbs.

A remote OTA update would be a different matter. You could even get a Philips-style light bulb worm going. But TFA doesn’t mention whether OTA updates are possible at all. And if you had Secure Boot(TM) and all that, that still doesn’t mean I couldn’t remotely make the bulb misbehave, or brick it, by messing with intentionally mutable configuration.

Why do I care if a fixed credential, used only at installation time, is stored in plaintext in the firmware, when obviously the control app already knows it? Encrypting it wouldn’t help, and making it variable would break installation. The problem is with the whole installation flow, and there’s no commonly used flow that does better. Or is this WiFi password something else?

What does it use the cert/key for anyway? Obviously that whole approach to crypto is completely broken, and I’m prepared to care about that, but I need to know what’s actually exposed to figure out how much.

Astra January 30, 2019 10:47 AM

You kinda forgot to mention this all requires physical access and destructive teardown.

Given that this is also based on an ESP32, it’s also immune to most botnet attacks, lacks ssh, lacks a shell, and is probably more secure than a lot of IoT out there.

Clive Robinson January 30, 2019 11:14 AM

The problem with the embedded Private Key…

It’s not entirely clear what purpose it serves.

However if it needs a static private key for everyday usage, how else is it going to be stored on the device?

If you encrypt it, you will still need the decryption key on the device, so all you are doing is minutely delaying the “front panel” attacker’s access to it.

If you generate a public key pair on the device at power up (remember light bulbs are actually “switched” at the wall for safety reasons) then that will take time, then there is all the hassle of getting your phone or whatever to talk to it.

The only way around this is some kind of “electronic vault” “On-Chip” on the SoC. Whilst you can get chips with this they tend to be “more expensive” in all sorts of ways. Whilst Internet of Trash devices tend to be short lived anyway lightbulbs have always been considered “consumables”, thus “short life” “Throw away” items.

Oh by the way, WARNING: if you intend getting any Internet of Trash light bulb to pull apart, first check to see what type of light it really is. Some of those “low energy” non-LED bulbs are both fragile –glass tubes– and contain quite toxic chemicals…

jeadly January 30, 2019 12:23 PM

I’ll admit that I have a few of these, and they’re a complete lark which increases my attack surface. But if someone physically breaks into my house and only reflashes my light-bulb or steals my WiFi PW, I’ll count myself lucky.

de la Boetie January 30, 2019 12:27 PM

It is possible to limit the scope of problems from this class of issue – inherent in IoT, by the use of (at minimum), a WAP with multiple SSID support on separate VLANs, behind a decent firewall (wrt, tomato, pfsense), to partition the internal network. This can likewise partition guest access and the dreadful smartphones.

Of course, this will not be accessible to people without some skill and time.

bear January 30, 2019 1:14 PM

This is considered terrible now? That’s good news! As recently as ten years ago it was considered ‘normal!’

Seriously guys…. If you have “smart” devices manufactured more than three years ago, ditch ’em, because odds are they’re awfully stupid. That whole era was a race to the bottom, and the stirrings toward actual security in that industry are still pretty sluggish.

Peter January 30, 2019 2:29 PM

These articles are a gift that keeps on giving. A bit like “1.4 Billion Clear Text Credentials Discovered in a Single Database”. They occur on almost a daily basis and I regard them as just fillers.

What I’m waiting for is an IoT that is secure.
Now that article I would definitely read.

641A January 30, 2019 3:38 PM

I imported some BlueTooth RGB/soft white light bulbs from China a few years ago…I figured they were a minimal security risk and they’re fun to have around for setting the mood.

That’s enough home smarts for me, frankly.

Thoth January 30, 2019 7:19 PM

Crypto, Secure Boot, Secure Enclaves and so forth are just hand waving compliance-mitigating and also marketing points. They are just toolkits and building blocks.

IoT merchants and manufacturers can simply put a bunch of security labels saying they use Secure Enclave to perform Secure Boot and whatever you can name but it means totally nothing at all.

Security has to be implemented properly with all the tools. Why would an RSA root private key be found in the light bulb? Obviously that shows whoever is implementing the security has no idea of the importance of security and simply blindly implements it. It is as good as no security anyway.

@Clive Robinson

Regarding embedded electronic vaults, there are many you can get your hands on. Embedded SEs and TPMs are one of the common routes and they provide a rather strong level of hardware-backed security, but as is always noted, I have rarely seen IoT manufacturers know what they are doing when it comes to security, and when given the option to secure themselves, they would prefer to omit it (cost savings and time savings); another excuse is that security hinders user experience.

What can be done is a software key and credential management module (run in a Secure Enclave … yes for those who love to cheap out on security) or a separate hardware chip for key and credential management with an in-built security keychain.

Infineon has its Optiga Trust line of programmable security ICs which are designed to be used as security modules embedded into IoT devices to handle Key Management, and STMicro has a whole section of Secure MCUs just for IoT devices for Key Management.

65535 January 30, 2019 7:59 PM

@ Clive Robinson and other experts
“The problem with the embedded Private Key… It’s not entirely clear what purpose it serves. However if it needs a static private key for everyday usage, how else is it going to be stored on the device?”- Clive R

I wondered the same thing.

Is this private key used for communication with the light bulb manufacturer? Is it used to download updates or malware? Is it used because the light bulb manufacturer only has one certificate for all light bulbs sold? Could this be used for SSL stripping? WPA2 key extraction or the like? Could it be used for CNC server botnets? Say, reflashing the chip for malware exploits?

From Bruce S’s post to the boingboing post

https://boingboing.net/2019/01/29/fiat-lux.html

to

Limited Results post

“Pwn the LIFX Mini white Posted on January 23, 2019 by LimitedResults”

[two thirds down page]

“Vulnerability n*3: Root certificate and RSA private key extracted”

“Root certificate and RSA private key are present in the firmware.” -limited results

[image of private RSA key but not entire certificate]

https://limitedresults.com/2019/01/pwn-the-lifx-mini-white/

What are the possible downsides to this OpenSSL certificate and private key?

Tatütata January 30, 2019 8:27 PM

    Some of those “low energy” non-LED bulbs are both fragile –glass tubes– and contain quite toxic chemicals…

To be precise, the main problem is with Mercury.

I unfortunately broke a few compact fluorescent lamps in the past, and at the most inconvenient time, e.g., by waking up at 3 AM on a winter night with flu symptoms, fumbling about, and toppling the standing lamp. Craaaap!

Some sites make it sound like you have a superfund site on your hands.

The main takeaways: open the windows, and ventilate generously (the sources don’t say for how long). Don’t use a vacuum cleaner, at least not for picking up the main parts. Vacuum upholstered furniture, and throw away the bag. (I had a Dyson. What should I do?) Do not dispose of the remains in the domestic refuse bin.

However, German medical sources claim that the contamination isn’t that bad.

James Evans January 30, 2019 9:54 PM

Off topic, might want to move this to a Friday squid post… but Tor has recently added support for padding into 0.4.0.1-alpha. I am wondering your thoughts on it Clive if you’ve followed their recent development work. Lurking here and reading over the years I believe I’ve understood Tor’s lack of such GPA countermeasures to be your main concern due to fingerprinting attacks based on side channels in low latency anonymity nets like Tor. I’m hoping you think the current development is a positive one. (It won’t be until later this year with 0.4.1.0 that they support it by default on the live network.)

Herman January 31, 2019 1:04 AM

It is actually easy to secure these Idiocy of Things networks: Divide and Conquer – give them their own LAN to play in and don’t connect it to the WAN.

That can be done with a physical separate LAN, or a VLAN. The actual problem is that ordinary home users are not clued up enough to do that.

JG4 January 31, 2019 5:36 AM

@Tatütata – I’m not a fan of mercury poisoning, but I’m in some ways more concerned about the phosphor coating that blows into the air as a cloud of dust. It is a ceramic powder doped with rare earth elements. The particle sizes probably are in the respirable range. When I was a kid, my Dad and the neighbor (PhD) told me that if you got cut by the broken glass, the wound would never heal because it would be contaminated with the phosphor. I’ve never heard that before or since, but I’m happy to have been at least a little bit cautious. I later learned that breathing mineral dust is a bad idea.

Clive Robinson January 31, 2019 8:31 AM

@ Tatütata, JG4,

    To be precise, the main problem is with Mercury.

If only it was the only one…

There are plenty of other nasties in there, some of which are carcinogenic in even tiny tiny amounts if they get in your blood stream, lungs, etc. It all depends on how old the bulbs are…

As for mercury, yes it is a bit of a problem, but you can find it all over the place, including in fillings in your teeth. It’s used to make all sorts of amalgams and alloys like White’s Metal, and many people have way more of it in their homes than they realise. Somewhere I’ve 10 kg of it in a high strength Teflon bottle, and yes I do find it ironic that Teflon itself is now considered as bad as mercury.

One thing that you can find in high temp electronics, which some bulbs are considered to be, is Beryllium oxide; as long as you don’t break it, it is considered “safe”. However in its dust form, you can, if you are genetically predisposed, get berylliosis quite easily, and it’s incurable. From the wiki page,

https://en.m.wikipedia.org/wiki/Berylliosis

You will see of beryllia and berylliosis,

    It is associated with aerospace manufacturing, microwave semiconductor electronics, beryllium mining or manufacturing of fluorescent light bulbs (which once contained beryllium compounds in their internal phosphor coating).

As far as I am aware they have stopped using it in fluorescents for domestic use, but it’s still very very widely used in industry, in diverse things from Thermoluminescent instruments to a very large number of electronic systems. For my sins I likewise have a lot of beryllia kicking around the place in high power RF devices, of which I tended to get through quite a number, with some actually not just popping their lids but their clogs as well.

Beryllia can also be found in “heatsink compound”, which is fairly nasty stuff as it gets everywhere like grease does, but it does not wash out very quickly. Which is why I find it odd that “Black and Decker” put it in domestic steam irons for ironing your clothes… Worse though, the compound goes over time from being a paste to a dried out crumbly solid, which makes servicing or repurposing older high power RF systems a tad worrisome.

Nate January 31, 2019 9:09 AM

I saw this yesterday, and I’m still not sure I care much about the physical security of LiFX bulbs. I have several, they’re nifty toys.

Yes, they store your WiFi key; doesn’t everything these days? OMG, it’s not encrypted on the device. That’s a pretty low risk. There are far easier ways to crack a WPA2 wifi key than breaking in, stealing a light bulb and tearing it down.

Without any information about what the RSA key is used for, it doesn’t mean much. Is that for light bulb authentication to their cloud service? Is it unique per bulb?

I’d be far more concerned about remote exploits or protocol exploits VIA their cloud management. These things do maintain a cloud link for remote control.

MrC January 31, 2019 9:25 AM

@ Nate:
I think the point is that it’ll still have your password in there after it’s burnt out and thrown away. Reduces the attack to dumpster diving.

Also, can you elaborate on those “far easier ways to crack a WPA2 wifi key”? Aside from the WPS thing, I’m not aware of any attacks that can recover a WPA2 key that don’t depend on the password being weak enough to fall to hash cracking.

Bong-Smoking Primitive Monkey-Brained Spook January 31, 2019 9:37 AM

@Tatütata, @Clive Robinson, @vpt:

Regarding: fancy fancy, Mercury, …

    I unfortunately broke a few compact fluorescent lamps in the past, and…

And you blew the opportunity!

See, it all started here, when a lunatic product development engineer ate[1] some “powder” and came up with the idea immediately after his brain got “enhanced” (poisoned). The IoT bulb was born.

There are a lot of those bulb-eating “design engineers” on YouTube, at least one in each country.

On a more serious note, IoT bulbs enable central control authorities to better manage power consumption 😉

[1] The guy who snorted it came up with the idea of self-driving cars and vehicle to vehicle “secure” communications.

Delurker January 31, 2019 5:21 PM

lurker : Why don’t I see any How Many Security Analysts does it take to change a Lightbulb? jokes?

How about an Edison Screw Fit one?

Q : How many Security Analysts does it take to screw in a light bulb?

A : Two but don’t ask how they got there…

Thoth January 31, 2019 6:22 PM

LIFX response on their website:

“#3: Root certificate and RSA private key is now encrypted”

That’s an after-thought. I hope they did revoke the compromised private key and certificate and push down a new encrypted private key and certificate.

A Nonny Bunny February 2, 2019 1:51 PM

@Delurker

    lurker : Why don’t I see any How Many Security Analysts does it take to change a Lightbulb? jokes?

    How about an Edison Screw Fit one?

    Q : How many Security Analysts does it take to screw in a light bulb?

    A : Two but don’t ask how they got there…

Well, at least they use protection.

John Bredehoft February 6, 2019 4:01 PM

As noted above, LIFX fixed its vulnerability during the time that the information was embargoed.

I haven’t yet seen a discussion of how prevalent this is with other products, if at all. Has anyone tested?
