Which smart bulbs should you buy (from a security perspective)

Post Syndicated from Matthew Garrett original https://mjg59.dreamwidth.org/51910.html

People keep asking me which smart bulbs they should buy. It’s a great question! As someone who has, for some reason, ended up spending a bunch of time reverse engineering various types of lightbulb, I’m probably a reasonable person to ask. So. There are four primary communications mechanisms for bulbs: wifi, bluetooth, zigbee and zwave. There’s basically zero compelling reasons to care about zwave, so I’m not going to.


Advantages: Doesn’t need an additional hub – you can just put the bulbs wherever. The bulbs can connect out to a cloud service, so you can control them even if you’re not on the same network.
Disadvantages: Only works if you have wifi coverage, each bulb has to have wifi hardware and be configured appropriately.
Which should you get: If you search Amazon for “wifi bulb” you’ll get a whole bunch of cheap bulbs. Don’t buy any of them. They’re mostly based on a custom protocol from Zengge and they’re shit. Colour reproduction is bad, there’s no good way to use the colour LEDs and the white LEDs simultaneously, and if you use any of the vendor apps they’ll proxy your device control through a remote server with terrible authentication mechanisms. Just don’t. The ones that aren’t Zengge are generally based on the Tuya platform, whose security model is to have keys embedded in some incredibly obfuscated code and hope that nobody can find them. TP-Link make some reasonably competent bulbs but also use a weird custom protocol with hand-rolled security. Eufy are fine but again there’s weird custom security. Lifx are the best bulbs, but have zero security on the local network – anyone on your wifi can control the bulbs. If that’s something you care about then they’re a bad choice, but also if that’s something you care about maybe just don’t let people you don’t trust use your wifi.
Conclusion: If you have to use wifi, go with lifx. Their security is not meaningfully worse than anything else on the market (and they’re better than many), and they’re better bulbs. But you probably shouldn’t go with wifi.


Advantages: Doesn’t need an additional hub. Doesn’t need wifi coverage. Doesn’t connect to the internet, so remote attack is unlikely.
Disadvantages: Only one control device at a time can connect to a bulb, so harder to share. Control device needs to be in Bluetooth range of the bulb. Doesn’t connect to the internet, so you can’t control your bulbs remotely.
Which should you get: Again, most Bluetooth bulbs you’ll find on Amazon are shit. There’s a whole bunch of weird custom protocols and the quality of the bulbs is just bad. If you’re going to go with anything, go with the C by GE bulbs. Their protocol is still some AES-encrypted custom binary thing, but they use a Bluetooth controller from Telink that supports a mesh network protocol. This means that you can talk to any bulb in your network and still send commands to other bulbs – the dual advantages here are that you can communicate with bulbs that are outside the range of your control device and also that you can have as many control devices as you have bulbs. If you’ve bought into the Google Home ecosystem, you can associate them directly with a Home and use Google Assistant to control them remotely. GE also sell a wifi bridge – I have one, but haven’t had time to review it yet, so make no assertions around its competence. The colour bulbs are also disappointing, with much dimmer colour output than white output.


Advantages: Zigbee is a mesh protocol, so bulbs can forward messages to each other. The bulbs are also pretty cheap. Zigbee is a standard, so you can obtain bulbs from several vendors that will then interoperate – unfortunately there are actually two separate standards for Zigbee bulbs, and you’ll sometimes find yourself with incompatibility issues there.
Disadvantages: Your phone doesn’t have a Zigbee radio, so you can’t communicate with the bulbs directly. You’ll need a hub of some sort to bridge between IP and Zigbee. The ecosystem is kind of a mess, and you may have weird incompatibilities.
Which should you get: Pretty much every vendor that produces Zigbee bulbs also produces a hub for them. Don’t get the Sengled hub – anyone on the local network can perform arbitrary unauthenticated command execution on it. I’ve previously recommended the Ikea Tradfri, which at the time only had local control. They’ve since added remote control support, and I haven’t investigated that in detail. But overall, I’d go with the Philips Hue. Their colour bulbs are simply the best on the market, and their security story seems solid – performing a factory reset on the hub generates a new keypair, and adding local control users requires a physical button press on the hub to allow pairing. Using the Philips hub doesn’t tie you into only using Philips bulbs, but right now the Philips bulbs tend to be as cheap (or cheaper) than anything else.

But what about

If you’re into tying together all kinds of home automation stuff, then either go with Smartthings or roll your own with Home Assistant. Both are definitely more effort if you only want lighting.

My priority is software freedom

Excellent! There are various bulbs that can run the Espurna or AiLight firmwares, but you’ll have to deal with flashing them yourself. You can tie that into Home Assistant and have a completely free stack. If you’re ok with your bulbs being proprietary, Home Assistant can speak to most types of bulb without an additional hub (you’ll need a supported Zigbee USB stick to control Zigbee bulbs), and will support the C by GE ones as soon as I figure out why my Bluetooth transmissions stop working every so often.


Outside niche cases, just buy a Hue. Philips have done a genuinely good job. Don’t buy cheap wifi bulbs. Don’t buy a Sengled hub.

(Disclaimer: I mentioned a Google product above. I am a Google employee, but do not work on anything related to Home.)

comment count unavailable comments