- Dec 30, 2012
- 4,809
Smart lighting has skyrocketed in popularity in the last few years, thanks to slick hardware like the Philips Hue and falling prices. It’s a fast, easy way to make your home or workplace feel a little more futuristic. Also futuristic: they way that hackers can hijack control of those bulbs simply by flying a drone close enough to transmit a radio signal.
A team of researchers from Dalhousie University explain how they can do it in a paper they titled IoT Goes Nuclear. All it required — apart from their collective knowledge and skills, of course — was a couple hundred dollars’ worth of off-the-shelf electronics. They shared a video of their drone doing a bit of “war flying” on YouTube:
Looks harmless enough in the video, right? Lights flicker on and off, even signaling S.O.S. in Morse code. Remember that it’s just a proof of concept. They’ve put a lighthearted spin on what they’re demonstrating, but what they’ve accomplished is alarming. They’ve taken complete control of a lighting system without having to gain physical access.
It gets worse, though. The Dalhousie team didn’t just figure out how to turn the lights off an on at will. They managed to completely overwrite the firmware and inject code that can actually spread their malware to other smart lightbulbs that are within range. Had they wanted to, they could have also permanently crippled the bulbs’ update mechanism and made restoring the factory firmware impossible.
There’s also a second way to perform the initial attack. Instead of flying by with a drone, a smart bulb that’s already infected can be installed near other bulbs. Once it starts broadcasting the team’s malicious signal, any vulnerable bulbs nearby can be co-opted.
A team of researchers from Dalhousie University explain how they can do it in a paper they titled IoT Goes Nuclear. All it required — apart from their collective knowledge and skills, of course — was a couple hundred dollars’ worth of off-the-shelf electronics. They shared a video of their drone doing a bit of “war flying” on YouTube:
Looks harmless enough in the video, right? Lights flicker on and off, even signaling S.O.S. in Morse code. Remember that it’s just a proof of concept. They’ve put a lighthearted spin on what they’re demonstrating, but what they’ve accomplished is alarming. They’ve taken complete control of a lighting system without having to gain physical access.
It gets worse, though. The Dalhousie team didn’t just figure out how to turn the lights off an on at will. They managed to completely overwrite the firmware and inject code that can actually spread their malware to other smart lightbulbs that are within range. Had they wanted to, they could have also permanently crippled the bulbs’ update mechanism and made restoring the factory firmware impossible.
There’s also a second way to perform the initial attack. Instead of flying by with a drone, a smart bulb that’s already infected can be installed near other bulbs. Once it starts broadcasting the team’s malicious signal, any vulnerable bulbs nearby can be co-opted.
Smart toilets next on the list!!
