Pwn the LIFX Mini white light bulb

by @LimitedResults

The Device

Bought on Amazon (30 euros). The light bulb is plugged in. The LIFX app is installed on an Android smartphone. The Wi-Fi connection is set up. The light bulb works fine.

Wunderbar, easy setup.

Fireproof paste all around

The most difficult part is cleaning the board and removing this paste.

The Setup

The major component of the module is identified as ESP32D0WDQ6, a SoC from ESPRESSIF.

The datasheet is available here. The SDK and tools are also available on GitHub. Some pins are soldered to make it easy to connect an FT2232H board. A little PCB reverse engineering is needed.

Simple setup

Vulnerability n°1: Wi-Fi credentials stored in plaintext in the firmware

Vulnerability n°2: No security settings (at all)

Vulnerability n°3: Root certificate and RSA private key extracted

I decided to stop the investigation after that.

Conclusion

In a very limited amount of time, three vulnerabilities have been discovered:

  • Wi-Fi credentials of the user have been recovered (stored in plaintext in the flash memory).
  • No security settings. The device is completely open (no secure boot, debug interface not disabled, no flash encryption).
  • Root certificate and RSA private key have been extracted.
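
A release-gate check a vendor could run against its own units to catch the three findings above before shipping. This is an added example, not code from the original post or from LIFX. The eFuse names are the ESP32's own (FLASH_CRYPT_CNT, ABS_DONE_0, ABS_DONE_1, JTAG_DISABLE); the input shape (a name-to-integer dict and a flash readback as bytes), the function names and the lab secrets are assumptions, and all sample data is constructed.

```python
import re

# PEM header of an unencrypted private key (RSA, EC or PKCS#8).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")

def audit_efuses(efuses):
    """efuses: ESP32 eFuse name -> integer value (input shape is an assumption)."""
    findings = []
    # Flash encryption is active only when FLASH_CRYPT_CNT has an odd number of bits set.
    if bin(efuses.get("FLASH_CRYPT_CNT", 0)).count("1") % 2 == 0:
        findings.append("flash encryption disabled")
    # ABS_DONE_0 marks Secure Boot V1, ABS_DONE_1 marks V2 (chip revision 3).
    if not (efuses.get("ABS_DONE_0", 0) or efuses.get("ABS_DONE_1", 0)):
        findings.append("secure boot disabled")
    if not efuses.get("JTAG_DISABLE", 0):
        findings.append("JTAG debug interface enabled")
    return findings

def audit_flash_image(image, test_secrets):
    """Search a flash readback for the lab provisioning secrets and PEM private keys."""
    findings = []
    for label, secret in test_secrets.items():
        offset = image.find(secret)
        if offset != -1:
            findings.append(f"{label} stored in plaintext at offset {offset:#x}")
    match = PEM_PRIVATE.search(image)
    if match:
        findings.append(f"private key in PEM form at offset {match.start():#x}")
    return findings

# Constructed sample data: a unit with no protections, and one with all three set.
TEST_SECRETS = {"Wi-Fi SSID": b"lab-ssid", "Wi-Fi passphrase": b"lab-passphrase"}
OPEN_EFUSES = {"FLASH_CRYPT_CNT": 0, "ABS_DONE_0": 0, "JTAG_DISABLE": 0}
OPEN_IMAGE = (b"\xff" * 0x1000 + b"lab-ssid\x00lab-passphrase\x00" + b"\xff" * 16
              + b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n")
HARDENED_EFUSES = {"FLASH_CRYPT_CNT": 1, "ABS_DONE_0": 1, "JTAG_DISABLE": 1}
HARDENED_IMAGE = bytes(range(256)) * 16  # stands in for encrypted flash contents

if __name__ == "__main__":
    for name, fuses, image in (("open", OPEN_EFUSES, OPEN_IMAGE),
                               ("hardened", HARDENED_EFUSES, HARDENED_IMAGE)):
        findings = audit_efuses(fuses) + audit_flash_image(image, TEST_SECRETS)
        print(name, "->", findings or "no findings")
```

Provisioning the test unit with known lab credentials first is what makes the plaintext search meaningful: if they can be found in the readback, a customer's credentials would be too.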
