I don’t want my light bulbs on the Internet

I heard this week that the first vulnerability in smart light bulbs has been discovered–they can leak your wifi password.

I suppose I can take comfort in the cost of the bulbs–they cost $129, which means not a lot of people will have them, in a world where people complain about paying $5 for an LED bulb. Then again, for $129, I think it’s reasonable to expect a little bit of security. This isn’t a $15 router with a $2 profit margin. To its credit, the manufacturer immediately issued a patch to fix the vulnerability.

The problem with devices like these with security vulnerabilities is that they will be around a very long time. An LED light bulb has a life expectancy of nearly 17 years. And I think they stand a chance of making it–I own several LED bulbs of different brands, bought my first one four years ago, and aside from one bulb that died after about a week, all of them are still going.

Consider Windows XP for a minute. I can’t bring XP up without someone asking me why anyone would want to run such a rickety old operating system. But Windows XP is 13 years old–shorter than the life expectancy of one of these light bulbs. These password-leaking light bulbs are going to be around longer than Windows XP was.

Will the manufacturer still be willing to support these bulbs with patches in 16 years? Will the manufacturer stay in business that long? Or if it’s acquired, will the new company provide support?

I think I’ll stick with my Cree bulbs.

If you found this post informative or helpful, please share it!