Have Osram Lightify iPhone-controlled light bulbs? Read this important security note

The "Internet of Things" may make it easy for us to automate our lives, but it's also making it easier for hackers to gain access to home networks and computers. Security researchers Rapid7 (via ZDnet) are reporting that security flaws in Osram's Lightify brand of iPhone-controlled lightbulbs could allow hackers to launch browser attacks or even identify the wireless network's password.

According to the ZDnet post, "The security firm said in an advisory that one of the worst flaws could allow an attacker to “take control of a product” in order to launch attacks against a browser by allowing the injection of persistent JavaScript and web-based HTML code into the web management interface… Another severe weakness in the smart home device allows an attacker to identify the wireless network’s password. The devices use short, eight-character codes, which can be easily cracked within a matter of minutes or hours."

Rapid7 said that Osram is planning an update to eliminate most of the security vulnerabilities soon. The Osram Lightify system is sold as a starter kit with A19 bulbs and a Wi-Fi hub, and its bulbs are also compatible with Philips Hue and other lighting systems using the Zigbee protocol.