Researchers have discovered a number of flaws in the Osram Lightify lighting system that could leave a user’s WiFi network open to attack, ZDNet reports. In an email advisory, security firm Rapid7 said one of the worst flaws allows an attacker to “take control of a product” to launch browser-based attacks against a user or identify the home wireless network’s password. Where a home network’s password is as strong as the homeowner chooses to make it, the Osram bulbs use short, eight-character codes that can be easily cracked within a matter of minutes. Deral Heiland, principal security consultant at Rapid7, said Osram has indicated that it plans to fix most of the flaws his firm uncovered in the next round of patches, but it’s unclear if those fixes will fully resolve the security problems.
