Vulnerabilities in Osram Sylvania Lightify products uncovered

28 Jul 2016

Security researchers at Rapid7 have uncovered several vulnerabilities in Osram Sylvania Lightify products, among them a bug that would have allowed an attacker who stole a device with access to the app to read the home network's Wi-Fi pre-shared key in plain text.

Furthermore, Rapid7 found that attackers could conduct man-in-the-middle attacks and expose a user's traffic to the attacker. Rapid7 also came across issues that could allow attackers to change lighting and reconfigure a lighting setup.

On the Pro side, hackers could see a password in clear text without much trouble.

"Nine issues affecting the Home or Pro versions of Osram Lightify were discovered, with the practical exploitation effects ranging from the accidental disclosure of sensitive network configuration information, to persistent cross-site scripting (XSS) on the Web management console, to operational command execution on the devices themselves without authentication," the security firm said in a statement.

According to the timeline provided by Rapid7, the firm contacted Osram on 16 May; Osram ultimately patched the majority of the nine issues.

Osram Lightify is a line of indoor and outdoor lighting products that can be controlled via a mobile app. Much like the Philips Hue series, the technology is designed to let users set moods, brightness, and other lighting controls from their apps.

Deral Heiland, leader of the research team, said the most dangerous flaws were found in the Pro edition of Osram Lightify, which is marketed to businesses operating in office and store environments.

In one test, Heiland was able to remotely compromise a corporate network via an XSS attack that exploited a flaw in the Wireless Client Mode configuration page. The exploit was carried out with a rogue access point broadcasting an SSID that contained the XSS payload.
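As an added illustration (not code from Rapid7, Osram or the Lightify firmware), here is the pattern behind the Wireless Client Mode finding: a configuration page that renders scanned SSIDs into HTML. The hypothetical `render_scan_unsafe` interpolates each SSID directly into the markup, while `render_scan_safe` HTML-escapes it; the scan results are constructed, and SSIDs are handled as raw octet strings because 802.11 does not guarantee they are valid text.

```python
import html

# Constructed sample scan result: a benign SSID, one carrying markup (standing in for
# what a rogue access point could broadcast), and one with non-ASCII UTF-8 bytes.
SCAN_RESULTS = [
    b"OfficeWiFi",
    b"<script>alert(1)</script>",   # 802.11 allows any 0-32 octets in an SSID
    b"Caf\xc3\xa9 Guest",           # valid UTF-8, should survive rendering intact
]


def decode_ssid(raw: bytes) -> str:
    """An SSID is an opaque octet string; never assume it is valid UTF-8."""
    return raw[:32].decode("utf-8", errors="replace")


def render_scan_unsafe(results):
    """Vulnerable pattern: the decoded SSID goes straight into the HTML."""
    rows = "".join(
        f'<option value="{decode_ssid(r)}">{decode_ssid(r)}</option>' for r in results
    )
    return f'<select name="ssid">{rows}</select>'


def render_scan_safe(results):
    """Hardened: escape every untrusted field, attribute values included (quote=True)."""
    rows = "".join(
        f'<option value="{html.escape(decode_ssid(r), quote=True)}">'
        f"{html.escape(decode_ssid(r), quote=True)}</option>"
        for r in results
    )
    return f'<select name="ssid">{rows}</select>'


def contains_raw_markup(page: str) -> bool:
    """Check used in tests: does the rendered page still contain an unescaped script tag?"""
    return "<script>" in page


if __name__ == "__main__":
    print(render_scan_unsafe(SCAN_RESULTS))
    print(render_scan_safe(SCAN_RESULTS))
```

The same rule applies to any other field the device copies from the air or the network into its management pages, such as BSSIDs or DHCP hostnames.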

"What's dangerous is that it's possible to reconfigure the device and then interact with the enterprise corporate network. In fact, the probability of using this to carry out further attacks and exploits against the device and the authenticated user to the device to exploit the network (remotely) is most likely," said Heiland, thestack.com reported.