Yeelight products and KRACK WPA2 Wifi vulnerability


#1

Hello, is Yeelight going to patch all the yeelight products against the new KRACK attack WPA2 vulnerability??

Info here:

https://www.krackattacks.com/


#2

Yes, will release the firmware once fix is ready


#3

Have you made this release yet? I have recently bought Yeelight and my home became an entertainment for a hacker. I have wasted my money on the product that left me vulnerable to eavesdropping, identity theft and financial consequences.All my devices in the house are breached because of Yeelight.

My devices are open to attacks even on airplane mode. The hacker was trying to call the international numbers on my phone at night! I’ve seen with my own eyes when my phone was trying to enter the phone number and call. He is blocking my traffic to get my passwords out of me. I cannot use my phones. I lost access to my bank accounts. He broke 2 of my routers. He tried to install server on my PC. He eavesdrops on what is being said - my microphones on the phone consume battery resources in the background for no reason. I cannot get rid of him because of Yeelight that brought him into my home.

I cannot believe that you allow this kind of issue into our homes!


#4

Are you sure about this?

That’s weird, it seems your phone was hitted by the virus.


#5

My devices were factory reset and cleaned in isolation through safe modes. My ISP provider replaced my router, my IP and wifi settings. I have a bitdefender full security with VPN on all devices. I have reset every device on my network 3 times in the last 3 weeks, reinstalled operation systems, checked for rootkits, malware and viruses with several tools includind portable. Google devices are patched from this vulnerability, Apple devices are patched from this vulnerability. Only Xiaomi does not have response on this topic as of 2 years later. Please do note that that’s considering that I have complex random passwords that I regularly reset, password managers with 2-step verification, clean systems with regularly cleaned registry and latest updates. In fact, I was doing so great until Yeelight that I did not have security issues and viruses for more than 18 years on my devices.

Please don’t tell me that’s not Yeelight. Every time I connect Yeelight - it starts all over.


#6

How many times have you encountered? I don’t think your phone tried to call international numbers has something related to Yeelight. If this case happens, will it stop if you power off Yeelight devices?


#7

Yes, it does stop, but only after I reset all devices, because while Yeelight is on, the hacker is doing something to my devices and restarts them. Probably changes settings and implants malware using Yeelight as a backdoor. I saw how he restarted my Google Home and Chromecast making it accessible externaly. He did the same with the router while it was connected to Yeelight - it was not reseting to factory settings - that is why I said that it was broken and replaced. As soon as I connected Yeelight to the new router after resetting every device in isolation - the same story. I have no lights at home - I have to keep everything off.


#8

You can have a try with reset all your yeelight devices to see if this will happen, I don’t think it relates to Yeelight. (There’s no network connection once you reset your Yeelight device)


#9

I have reset Yeelight - as I said I had to do it 3 times in ISOLATION, which means that EVERY device I have including every bulb I have was reset and reinstalled step by step disconnected from the network to clean the whole network.