Security Researchers Find Nine Vulnerabilities in Osram’s Lightify System

Researchers from security company Rapid7 have found nine leaks in Osram’s ‘smart’ Lightify lamps. The company has now managed to close five of them. The accompanying app, among other things, stored the WiFi password without encryption.

This vulnerability, with attribute cve-2016-5051, allowed an attacker to retrieve the Wi-Fi password if, for example, they managed to get hold of the device with the installed app. This vulnerability in the Home version of the product has since been fixed. In addition, the researchers found that the default wpa2 WiFi passwords used by the system are very weak, consisting only of the numbers zero through nine and the letters a through f. As a result, these could be cracked in less than six hours. This vulnerability cve-2016-5056 , present in the Pro version, has also been fixed.

The unresolved issues are related to a lack of ssl pinning and the ability to resend commands via the ZigBee protocol. This allows an attacker to perform a man-in-the-middle attack and intercept traffic. A malicious person can also send commands to the system without authentication and thereby disrupt or interrupt the lighting. Other vulnerabilities that have been fixed allowed a user to connect to a malicious Wi-Fi network and allow an attacker to perform a browser-based attack via javascript injection.

Rapid7 contacted Osram in mid-May, who provided an update on the progress of patch development on July 21.