As our homes get smarter, many of the devices we rely on are getting dumber – such as WiFi lightbulbs. According to security researchers, poor product design makes these devices incredibly easy to hack.

What happened?

To see just how insecure WiFi smartbulbs are, a test was conducted on one of the most popular models available today – the TP-Link Tapo L530E. Researchers found four security risks, some of which would allow them to steal WiFi passwords and to take control of the lightbulb.

So what?

Hacking WiFi lightbulbs sounds like a waste of time – after all, what’s the worst that can happen? The hackers turn your lights on and off remotely until they get bored? No, there’s actually quite a lot that could go wrong.

Hackers typically look for any weakness that allows them to break into a network. They then use this foothold as a launch point for attacking other devices to steal personal information. So if they can break into your smart lightbulb, they can begin breaking into your other, more sensitive devices.

For instance, by compromising the Tapo L530E, hackers could steal your WiFi password. Which means that they could then connect directly to your home network and begin accessing your other devices quite easily. They can monitor traffic, capture information you send and receive or hack into your computers to steal information directly.

Becoming part of an IoT botnet

Just like your computer, many smart home devices are also susceptible to malware. Take the Mirai botnet for instance, which uses thousands of hacked WiFi devices to launch distributed denial of service attacks (DDoS) against websites and online services.

As well causing problems for the DDoS target, you may also notice your own network slows down during an attack – or that your infected devices become unresponsive. 

How to protect against smart lightbulb hacking

Unfortunately, security is an afterthought for many smart devices. The designers use outdated technologies and techniques to keep costs low, placing your personal security at risk.

There are a few things you can do to better protect yourself however:

  • Use 2FA if available. Although not infallible, two-factor authentication is much harder to circumvent and is quite effective at deterring casual hackers.
  • Update firmware and apps. Manufacturers frequently release software updates to address security issues. Download and install these patches and updates as soon as possible to reduce the risk of being hacked.
  • Be careful with your passwords. If you reuse passwords, there’s a good chance that the one used for your lightbulbs can be used by hackers to access your accounts on other websites and services. Always use a unique password for every service – and use a password manager if you have trouble remembering them all.
  • Set up a separate home network. Consider adding your smart home devices to their own WiFi network to prevent hackers from using compromised lightbulbs as staging points for an attack. Many home routers now offer the ability to create a second (or guest) network – use it!