Hi, before we go any further, this is based on a preliminary understanding of the Mirai attacks, and we are monitoring the information coming out from security researchers.
What we know so far is that it hit devices with default credentials and installed a reasonably complex package onto them. The cloud side (their equivalent versions of the LIFX cloud) was not a significant target of this attack. LIFX defends against these attacks with a layered system of defences.
First, the LIFX cloud.
We don’t have default credentials on our bulbs. We have our own Public Key Infrastructure (PKI) to authenticate our cloud to our bulbs. This PKI infrastructure allows us to protect the CA private keys by keeping them out of reach and allowing us to only publish the public key component of this system. This allows us to revoke and rotate the operational side of the infrastructure. In the event that any of these keys were compromised, we would make sure to contact everyone we could and publish information on how we are mitigating it and repairing from it.
For the infrastructure that receives public connections (not from our bulb or app), we use standard TLS certificates from public CAs to secure all traffic between us and end users.
I can recommend the Coursera introduction to cryptography course if you want to learn more of the theory on this topic. It’s really quite good.
We also have proactive monitoring and alerting on our cloud services. We develop our software with best practices and security in mind, and we are frequent readers of OWASP and other security publications.
We do review the ways we handle these keys (and our development practices and reporting procedures) periodically and welcome suggestions and bug reports. We have internal procedures for security bug reporting.
On to the device side of things.
All firmware updates already take place over the secured PKI systems described above. In addition to this, firmware updates are signed by our firmware team and the signature is verified in both the updater inside the app and in the bulb itself. Our bulbs also inadvertently benefit from the environment they run in. Due to the heat involved in our bulbs, our SoCs are very minimal and don’t have an excess in compute power or storage. While this is not something that makes it more secure, it does make it harder to effectively use a compromised bulb in the event that exploits or effective attacks on our updating method are found.
This is not to say that there are not steps that you should consider taking for your LIFX cloud account.
- Log in to https://cloud.lifx.com and make sure you periodically check that you don’t have unwanted services or devices authorised on your account.
- Make sure you use a long and complex password.
- Do not share your personal access tokens.
- Revoke and rotate access tokens periodically.