Deral Heiland, Research Lead at Rapid7, is disclosing a vulnerability that reveals how the popular home lighting system Osram Lightify leaves users vulnerable to attack. A link to the blog post with additional details can be found here.
Specifically, a malicious actor can:
- Execute commands to change lighting, and also execute commands to reconfigure the devices
- Inject code which could modify the system configuration, exfiltrate or alter stored data, or take control of the product in order to launch browser-based attacks against the authenticated user’s workstation.
Deral commented below.
Deral Heiland, Research Lead at Rapid7:
“That does not mean we should avoid leveraging these new automation technologies, but does show that we need to build better policy around managing the risk and develop processes on how to deploy these technologies in a manner that does not add any unnecessary risk.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.