Lessons to learn from LiFX hack?

Watched a vid by the respected security expert Steve Gibson (on the TWiT show “Security Now”) about this week's hack of the Wi-Fi-related IPv6 mesh network used by the LiFX LED light bulbs.

Though not an imp technology, and being related to them making a “schoolboy error” of hardcoding a security key, I thought it interesting that it was suggested that it is good practice to put all IoT devices on a Wi-Fi guest network rather than in with everything else.

Do we think this is “over the top” or something we should be (carefully) suggesting?

Not sure about a guest network, but certainly a secondary, secure WLAN operating alongside your own isn’t a bad idea. My Virgin router, for instance, allows secondary and primary (guest too) networks.

This is one reason why I quite like imps operating on 2.4GHz - all my other kit runs on a separate (but same router) 5GHz WLAN.

Their other error was not enabling the hardware protection features of the CPU, which would have prevented using JTAG to read out the code.

I tend to treat any network as insecure and possibly hostile; authenticating requests just based on the fact a device has access to a local network is usually not a good thing - WPA2 will become cracked sooner or later.