Your smart light bulb might be sending your data to China

Apps connected to smart light bulbs sold in Walmart and Best Buy are communicating with Chinese servers, report says

Reading Time:3 minutes

Your smart light bulb might be sending your data to China

Published: 7:01pm, 1 Mar 2019Updated: 8:58am, 20 Sep 2019

This article originally appeared on ABACUS

Most of us would assume that having a smart light bulb at home involves minimal risk. But turns out, it's not the light bulb we might need to worry about -- it's the apps and platforms that control it. And some of these apps might be gathering data from our phones without our knowledge, and sending them to China.

American cybersecurity company Dark Cubed says they discovered a light bulb that does just that during tests they conducted on several random smart devices widely available in Walmart, Amazon, Best Buy and other stores across the US. They also found that some of these devices carry other security risks.

On the outside, the Merkury light bulb did very little besides switching the light on and off. It didn’t have hidden microphones, not like the Google Nest camera. But the app that controlled the bulb required a number of significant permissions, including knowing your location, recording audio, and other permissions. Researchers say that could potentially enable the theft of passwords and data from users' smartphones.

Google forgot to inform its Nest camera users that the camera has a secret microphone inside. (Picture: AP Photo/Eric Risberg)

The Geeni Android Application also contained hard-coded links to about 40 third-party websites. They include US companies such as Facebook and Twitter, but also China-based internet companies such as Alibaba, Taobao, QQ, and Weibo.

(Abacus is a unit of the South China Morning Post, which is owned by Alibaba.)

This may have been just an accident.