LIFX bulbs appear to be riddled with security holes

The team over at Limited Results have published a paper detailing not one but three quite alarming security vulnerabilities found in their limited time with a LIFX Mini bulb.

The easily accessible hardware contains WiFi passwords in plain text, easily readable keys and no security settings at all.

The team advised LIFX of the issues in May of 2018, requesting PGP keys to detail the security issues, but received no response. They then sent a report by plain email in October, at which point the company agreed to investigate and action the issues before they would be disclosed publicly in 90 days.

LIFX have not yet issued a statement on the validity of, or a fix for, any of the issues listed.

UPDATE: LIFX have responded to the research findings on their website’s privacy & security page. It states that all high & moderate issues brought to light by the Limited Results researcher have been resolved in a firmware release and that it should be applied immediately. The fix encrypts sensitive data and introduces other security measures.

For those who own the products, LIFX advise changing any passwords that would’ve been stored prior to the firmware patch being applied (i.e. update your WiFi password) to ensure your network’s safety.

Source: Pwn the LIFX Mini white – Limited Results