Security researchers at Rapid7 have identified a number of vulnerabilities in Sylvania Osram Lightify smart home products.

Lightify products provide indoor and outdoor lighting that can be controlled and automated via the web browser or an app on a mobile device.

Vulnerabilities were found across multiple elements of the Lightify ecosystem, including:

• the mobile app
• web management console
• the implementation of SSL encryption
• implementation of the ZigBee home automation communication protocol
• implementation of WPA2 security protocol authentication

The vulnerabilities leave the user open to several threats ranging from exposing the home Wi-Fi credentials to allowing the attackers to manipulate Lightify devices and launch web-based attacks against the user.

Osram has already patched several of these vulnerabilities, and users are advised to update their product software.

Current pricing on Amazon

- 69%

Amazon.com

SYLVANIA LIGHTIFY by Osram - Smart Home LED Light Bulb - Warm White to...

$9.12 $29.99 

BUY NOW

Amazon.com

SYLVANIA LIGHTIFY by Osram - Wireless Gateway / Bridge between Smart Devices...

$11.98

BUY NOW

Amazon.com

MagicLight® Bluetooth Smart LED Light Bulb - Smartphone Controlled Dimmable...

$23.95

BUY NOW

Last updated on May 25, 2023 10:41 pm