My first pass at this would be to put something like Charles between the wifi AP and the internet and taken a look at what was going on. After understanding the protocol, then would it be a lot easier to look for an OTA FW exploit or mitm attacks around the string manipulation functions used to communicate to the outside.
Traceroute to cloud.yeelight.com seems to go to China.<p>Your light bulbs are talking to a cloud service in China.<p><a href="https://www.cnet.com/news/can-wi-fi-let-you-see-people-through-walls/" rel="nofollow">https://www.cnet.com/news/can-wi-fi-let-you-see-people-throu...</a><p>Nope.