- Jun 9, 2013
- 6,720
That connected light bulb you just installed could flip the switch, as it were, on a hacker’s ability to take over your smart home.
Using the Philips Hue smart light bulb as a platform, researchers from Dalhousie University in Canada and the Weizmann Institute of Science in Israel identified a flaw that could potentially give hackers control over not just the lights themselves, but also connected switches, locks and thermostats on the same home network.
The researchers developed a computer worm that could be easily spread to other devices, jumping directly from one lamp directly to another using the built-in ZigBee short-range wireless connectivity.
They managed to take over lamps in two different attack scenarios. In the first, conducted at the Weizmann Institute, the researchers did a drive-by hack using a vehicle, and found they were able to manipulate the lights from up to 70 meters away.
In the second, the target was an office building in the city of Be’er Sheva in Israel, which hosts several well-known security companies and also the Israeli Computer Emergency Response Team (CERT). Several Philips Hue lights were installed on one floor of the building, and an attack kit was installed on a drone. As the drone got closer to building, lights were able to be manipulated to spell out "S.O.S." in Morse code.
There are further implications, of course. Once hackers have control of the lights, they can also pivot within the home (or office) network to attack other unsecured endpoints. And, the compromised devices could be used to jam wireless networks, attack the electrical grid or steal information.
Dalhousie researcher Colin O’Flynn, a PhD student in Dal’s Department of Electrical & Computer Engineering, kicked off the study during his research on re-purposing low-cost Phillips Hue bulbs by re-programming them with new code.
He noted that the lateral device connections are in and of themselves of interest.
“Hopefully we'll start to take security of all 'connected' devices seriously, and not just those connected to the internet,” says O’Flynn. “A big part of our research was showing how such a worm could spread between the light-bulbs themselves wirelessly, independent of any internet or network connection.”
Other researchers added that the study is just further proof of the widening scope of the internet of things (IoT) attack vector.
Read More. Smart Light Bulb Worm Hops from Lamp to Lamp
Using the Philips Hue smart light bulb as a platform, researchers from Dalhousie University in Canada and the Weizmann Institute of Science in Israel identified a flaw that could potentially give hackers control over not just the lights themselves, but also connected switches, locks and thermostats on the same home network.
The researchers developed a computer worm that could be easily spread to other devices, jumping directly from one lamp directly to another using the built-in ZigBee short-range wireless connectivity.
They managed to take over lamps in two different attack scenarios. In the first, conducted at the Weizmann Institute, the researchers did a drive-by hack using a vehicle, and found they were able to manipulate the lights from up to 70 meters away.
In the second, the target was an office building in the city of Be’er Sheva in Israel, which hosts several well-known security companies and also the Israeli Computer Emergency Response Team (CERT). Several Philips Hue lights were installed on one floor of the building, and an attack kit was installed on a drone. As the drone got closer to building, lights were able to be manipulated to spell out "S.O.S." in Morse code.
There are further implications, of course. Once hackers have control of the lights, they can also pivot within the home (or office) network to attack other unsecured endpoints. And, the compromised devices could be used to jam wireless networks, attack the electrical grid or steal information.
Dalhousie researcher Colin O’Flynn, a PhD student in Dal’s Department of Electrical & Computer Engineering, kicked off the study during his research on re-purposing low-cost Phillips Hue bulbs by re-programming them with new code.
He noted that the lateral device connections are in and of themselves of interest.
“Hopefully we'll start to take security of all 'connected' devices seriously, and not just those connected to the internet,” says O’Flynn. “A big part of our research was showing how such a worm could spread between the light-bulbs themselves wirelessly, independent of any internet or network connection.”
Other researchers added that the study is just further proof of the widening scope of the internet of things (IoT) attack vector.
Read More. Smart Light Bulb Worm Hops from Lamp to Lamp
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
