Did you know that your IoT light bulbs carry a hefty security risk?

We’ve known for ages now that Internet of Things (IoT) devices like light bulbs and switches are insecure. The Mirai botnet attack used IoT devices to take down a large part of the domain name service infrastructure in October of 2016, which was successful because IoT devices often have the same default password and username from the factory, which is often not changed by the user (if they can be changed at all). A prime example of this is the networking equipment bundled with your internet services. The default Wi-Fi password that is printed on the router is often related to the MAC address, which gets broadcasted as part of how Wi-Fi works. Seriously, change your default passwords. What’s more, with the relatively low cost of most IoT devices, it’s often not cost-effective for the manufacturer to build better security in at the design stage. For example, you might think the only risks of buying a cheap IoT light bulb are the badly-translated app to control it or maybe some extra setup time to get it integrated into your existing network. It turns out those are the least of your worries, as most light bulbs have no security to speak of, even if the hardware they’re built with could support it.