Thinking about follow the Internet of Things trend, and decorate your tree with smart Christmas lights?
IoT Christmas lights allow users to control the lights remotely on their smartphones. Through the mobile app, the lights can be synchronized with music as well as lighted up according to customized patterns. As an IoT device, smart Christmas lights absolutely have several security issues that need to be taken care of. However, the security of the Twinkly smart Christmas lights this year has improved since last year.
Manufacturers of the Twinkly smart lights improved security by replacing the ESP8266 Wi-Fi module its previously used with a more secure system-on-chip (SoC) module, which is ESP32 Wi-Fi module. In 2018, several important security issues were discovered in the version released at that time.
According to researchers who studied on Twinkly smart lights,
“It has no trusted execution environment, no secure key storage, basically no significant security features at all. Much more secure modules were available at the time, but I guess the Twinkly team chose the cheaper option.”
With the previous version, hackers can open the control module, attach logic probes, and recover the Wi-Fi pre-shared key (PSK) from the system. In addition, the unencrypted PSK can easily be intercepted when it is initially sent out for connecting to the home network.
Fortunately, Twinkly upgraded their security this year and finally started to think about IoT security from the device level. Twinkly could realize their security issues and made the change because of the commercial pressure generated by their consumers. As a consumer, we should be vigilant and strict on cybersecurity problems.
So that, our technology can be improved at the same time as the security level enhances. Even though Twinkly smart Chirtsmas lights have upgraded its security level, it does not mean the improvement should be stopped. The manufacturer of Twinkly smart lights still have a long way to go, like other IoT manufacturers.
Contact LIFARS.com Immediately if Your
Organization was Hit with a Data Breach
Credits:
threatpost.com/smart-christmas-lights-safer-last-year/151057
securityaffairs.co/wordpress/79130/hacking/twinkly-christmas-lights-hacking.html
