• Obinice@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    5
    ·
    9 months ago

    They’re light bulbs. What data can they possibly hold on the users beyond how bright they like their bulbs.

    • local_taxi_fix@lemmy.world
      link
      fedilink
      English
      arrow-up
      56
      ·
      9 months ago

      What times your lights are on or off can expose more than you might think over time. It reveals when you’re gone for work, your sleep schedule, how many days a year you spend at home vs traveling/elsewhere, when you stay up late, etc.

      But it gets worse. If you give Hue your email or install the app then now you can be uniquely id’d across other products. Hue will sell that data to some advertising agency, who also buys data from Google, Facebook, etc. Now your usage data from other systems can be combined with the Hue data and used to more even more accurately track your day and behaviors.

      • electromage@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        Also when the keys are inevitably discovered on an unsecured S3 bucket, everyone will have it! In addition to your billing information and other PII.

      • unsaid0415@szmer.info
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        9 months ago

        I’m not sure how do Hue lights work, but if they have any Wi-Fi component they’re essentially a device in your network. If compromised (by a hacker or by Philips themselves) they’re no different than a device next to yours on public Wi-Fi. Someone will definitely have a desktop PC with vPro with default credentials, or once in a while someone will log into something using HTTP without the S and leak plaintext credentials.

        People more well versed in networking often put their IoT devices in a separate network/VLAN so that they are all lumped together and away from personal PCs.

        Hell, I even block my ISP-issued modem/router/AP from ever getting an IP address on my network, and that way I can’t even receive tech support from them lmao

    • LrdThndr@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      It’s also not about what data they hold, but what data they have access to.

      To you, it’s a light bulb, but internally, it’s a network-connected microcontroller, meaning it’s also connected to everything else in your network.

      It theoretically could scan and exploit any number of security holes in other devices, including but not limited to phones and desktops.

      Even if the manufacturer is ethical with it, other nefarious actors can use it as an attack point to try to gain deeper access. Some of these devices run a full Linux install internally, and if you know how, you can even get a shell session open on them.

    • glimpseintotheshit@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      In addition to what the other commenters have said: They don’t just sell light bulbs but also motion sensors that can even measure temperature.

      So they wouldn’t just be able to tell which room you’re in at any given time but may also be able to tell when and for how long you shower or how often you cook food in the kitchen based on slight temperature changes.

      And if you wanna get really paranoid: Hue Sync analyzes what’s on your screen and synchronizes lights accordingly. Who knows what is really going on there if they pull this kinda shit lol