You know the Brave New World has arrived when you need to fix security issues with your IoT light bulbs. Osram moved to address flaws in their "Lightify" connected bulbs after researchers at Rapid7 discovered some problems with the way the Zigbee wireless control protocol was set up.
eWeek: The way the Osram Lightify connected bulbs communicate is over the ZigBee wireless protocol. One of the vulnerabilities Rapid7 discovered is a ZigBee network command replay attack (CVE-2016-5054). According to Rapid7's advisory, it is possible for a malicious actor to capture and replay the Zigbee communication at any time, and replay those commands to disrupt lighting services without any other form of authentication.