I heard this week that the first vulnerability in smart light bulbs has been discovered–they can leak your wifi password.
I suppose I can take comfort in the cost of the bulbs–they cost $129, which means not a lot of people will have them, in a world where people complain about paying $5 for an LED bulb. Then again, for $129, I think it’s reasonable to expect a little bit of security. This isn’t a $15 router with a $2 profit margin. To its credit, the manufacturer immediately issued a patch to fix the vulnerability.
The problem with vulnerable devices like these is that they will be around for a very long time. An LED light bulb has a life expectancy of nearly 17 years. And I think they stand a chance of making it–I own several LED bulbs of different brands, bought my first one four years ago, and aside from one bulb that died after about a week, all of them are still going.
Consider Windows XP for a minute. I can’t bring XP up without someone asking me why anyone would want to run such a rickety old operating system. But Windows XP is 13 years old–shorter than the life expectancy of one of these light bulbs. These password-leaking light bulbs are going to be around longer than Windows XP was.
Will the manufacturer still be willing to support these bulbs with patches in 16 years? Will the manufacturer stay in business that long? Or if it’s acquired, will the new company provide support?
I think I’ll stick with my Cree bulbs.

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming, covering the time period from 1975 to 2000.
