Update: LIFX Mini products that were affected by KRACK have been patched as of fw release 3.40 (April 11, 2018), and later versions of firmware.

LIFX A19 and BR30 products that were affected by KRACK have been patched as of fw release 2.75 (April 19, 2018) and later versions of firmware.

 

We are aware of the Krack (CERT: VU#228519) vulnerability and we can confirm that our lights are affected.

Recommendation for lights: Due to the complexity of this type of vulnerability and physical proximity requirements (within range of Wi-Fi access) our users are at a low risk of being targeted. If you feel you may be a more likely target, turn off your Wi-Fi router and use your lights via the hardwired light switch until firmware updates are available.

Timing: We will update the information for each product below, as updates are available.

What can happen: This vulnerability will allow an attacker to obtain control of your lights with in Wi-Fi range. Cloud control and remote control are not affected. Your Wi-Fi password is not at risk of being captured in this hack.

Replay Attack

The 'replay attack' allows an attacker to capture and replay packets that have already been sent. As the LIFX LAN protocol does not include any packet de-duplication method this could mean that an attacker could repeat an action that a legitimate users had already performed. This attack requires physical proximity to the device and access point. An attack against a LIFX device could mean:

  • An attacker who captured packets controlling a device via LAN could replay those packets and cause the actions to be repeated. For example if an attacker captures you turning off your light, once you turn it on the attacker could turn it off again by replaying what was captured.

Decryption Attack

The 'decryption attack' allows an attacker to assume a man-in-the-middle situation and decrypt all packets travelling between the device and the access point. This attack requires physical proximity to the device and access point. An attack against a LIFX device could mean:

  • An attacker could monitor the device and watch all the actions a user performs against it when controlling via LAN.

Injection Attack

The 'injection attack' allows an attacker to forge packets to and from the device. This attack requires physical proximity to the device and access point. This allows the attacker to pretend to be the device under attack and send packets to any other client on the network. This attack has only been demonstrated against a particular version of wpa_supplicant, and is probably not feasible against our devices. A successful attack against a LIFX device could mean:

  • An attacker could control the device under attack using the LAN protocol.
  • An attacker could use the LIFX device to attack other devices on the network. For example the vulnerability in our bulbs may provide access to other devices on the network.

LIFX Products

LIFX Mini, LIFX GU10

PATCHED: fw v 3.40 (April 11, 2018)

Replay attack: Patched

Decryption attack: Patched

Injection attack: Patched

Status: Patched

CVE List:

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

 

LIFX A19, LIFX BR30, LIFX A19+, LIFX BR30 +

PATCHED: fw v 2.75 (April 19, 2018)

Replay attack: Patched

Decryption attack: Patched

Injection attack: Patched

Status: Patched

CVE List:

  • CVE-2017-13078
  • CVE-2017-13080

 

LIFX Color 1000, LIFX White 800, LIFX White 900, LIFX Z

Replay attack: Unconfirmed but likely

Decryption attack: Unconfirmed but likely

Injection attack: Unconfirmed

Status: Awaiting patch from Wi-Fi chipset vendor

 

LIFX Original, LIFX Color 650

Replay attack: Vulnerable, broadcast/multicast packets only

Decryption attack: Not Vulnerable

Injection attack: Not Vulnerable

Status: Awaiting patch from Wi-Fi chipset vendor

CVE List:

  • CVE-2017-13080
  • CVE-2017-13081

 

 

 

Was this article helpful?
2 out of 4 found this helpful