Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

LIFX responds to security vulnerabilities in HomeKit smart bulbs saying fixed in Q4 2018

LIFX has responded to the recent revelation of serious security flaws within its White mini HomeKit-enabled bulbs, saying all three issues were fixed at the tail-end of 2018.

Wednesday, AppleInsider noted that major vulnerabilities existed within popular LIFX HomeKit smart bulbs. LIFX has now responded to the request for comment, noting that all of the security issues found were fixed at the end of 2018.

"The vulnerabilities outlined in the Limited Results report have been addressed at the end of 2018," LIFX told AppleInsider in a statement. "We have added security measures, including the introduction of encryption."

Since publication, LIFX has also debuted a new page on their website devoted to security that sheds additional light on changes that were made.

Specifically, Wi-Fi credentials, root certificates, and the RSA private key are now encrypted where they weren't before, alongside new security settings. The updates came in a firmware update and app update in the fourth quarter of 2018.

The firmware patch wasn't forced on users, so AppleInsider recommends making sure that you have performed the update on LIFX gear. Additionally, if you have a dead LIFX bulb that is no longer functioning and want to be sure that your Wi-Fi credentials can't be stolen, LIFX recommends changing your Wi-Fi SSID and password.

The vulnerabilities originally detailed were serious, but could only be exploited if a hacker had physical access to the bulb and some electrical and programming knowledge. The bulb also gets destroyed in the process of accessing that information.



2 Comments

macgui 17 Years · 2471 comments

Where are the class action suits?

Maybe if Apple sold it, definitely if Apple made it.