Privacy & Security: Responsible Disclosure of Security Vulnerabilities
LIFX is committed to the privacy, safety and security of all our customers.
LIFX aims to keep its products safe for everyone. Data security is a priority. If you are a security researcher and have discovered a security vulnerability in our product, website, or service, we appreciate your help in disclosing it to us in a responsible manner.
If you feel your account may have been compromised, or if you suspect fraudulent behavior, do not hesitate to contact our support team. Your issue will be investigated immediately and thoroughly.
Please use our PGP public key to encrypt any email submissions to us at firstname.lastname@example.org
LIFX Improve Security Standards with Encryption
A report posted by Limited Results claimed that three categories of security vulnerability exists in our lights. Indeed we have been working in collaboration with Limited Results since he alerted us to these, with thanks, in 2018. In response, we have already addressed each vulnerability with firmware updates during Q4 2018:
- WiFi credentials are now encrypted
- We have introduced new security settings in the hardware
- Root certificate and RSA private key is now encrypted
Are these vulnerabilities now resolved?
- All of the moderate to high severity vulnerabilities that were identified by Limited Results has been addressed in the firmware and app releases that occurred in late 2018.
- All sensitive information stored in the firmware is now encrypted and we have introduced extra security settings in the hardware.
- Customers can obtain the firmware update by opening their LIFX app and a firmware update prompt will be shown, if they haven’t already updated their lights.
If a customer had previously purchased this product, what can they do to make sure that their data is protected?
- Changing username and password credentials would ensure that the vulnerable information is no longer relevant. And we would recommend changing these as regularly as is convenient for any device from laptop to lightbulb.