Keep an Eye on Light Bulbs – May be Hackers’ Next Target

Experts express concern on the security of IoT products like the Philips Hue

Hackers Internet

One very strong trend in technology today is the drive to have virtually all things that an individual may have be connected wirelessly. While this can result in numerous conveniences and increased functionality from objects that people may interact with on a regular basis, researchers also believe that this can further expose people to cyber-security threats.

This tech trend, called the IoT, or the Internet of Things, is something that a lot of tech companies are investing on. This has resulted in a plethora of products outside of personal and mobile computing to have internet capability and control functionality. This includes TVs and media players all the way to washing machines, air conditioning units and even light bulbs.

A study published Thursday however, shows that there still are a lot of problems with regards to the security of these so-called smart appliances.

One such IoT application that the researchers at Weizmann Institute of Science and Dalhousie University put a lot of work into is the Philips Hue smart bulb. Looking at its specifications on paper, the bulb definitely has a lot to offer in terms of functionality. With its companion smartphone app, a user will be able to turn on or off the bulb, set a timer option to automatically activate or switch it off, or depending on the bulb model chosen, will allow users to adjust the colors that the light can produce.

However, the problem is that the researchers were able to gain control of these lightbulbs with relative ease, and were even able to do so hundreds of feet away from the lightbulbs themselves. “We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates” researches said on how they were able to obtain the Authentication Key that Philips uses for their Hue products. If these lightbulbs were part of a bigger network of devices, then it is very likely that the whole network will be compromised.

Concerns regarding the security of the IoT have been further put into the public’s attention in light of the recent massive DDoS (Denial-of-Service) attacks that happened recently. Hackers were able to gain access to wireless cameras of the internet company Dyn (the DNS provider to Reddit, PayPal, Spotify, SoundCloud, GitHub, CNN.com and other sites), and eventually brought down its services. This caused popular websites, including Twitter (NYSE:TWTR) and Netflix (NASDAQ:NFLX) to become temporarily unavailable. While the effects of the DDoS attack is relatively harmless, the ease by which hackers can use even the simplest devices to gain access to a larger network can have devastating repercussions in the future, as more and more devices are connected together through the internet.

It is possible for manufacturers of IoT capable devices to mitigate these flaws by using unique user names and passwords, the monitoring of IP addresses that connect to the device, and the use of secure VPN tunnels, among other solutions. However, researchers conclude that companies should put in more effort to ensure that their internet capable products, at the base software level, are as free from flaws and bugs as possible.

Disclaimer: This page contains affiliate links. If you choose to make a purchase after clicking a link, we may receive a commission at no additional cost to you. Thank you for your support!

1 Comment on Keep an Eye on Light Bulbs – May be Hackers’ Next Target

  1. Can someone here build a bot that would work in reverse? If a bot can sniff out insecure default protected Iot devices and gain control over those devices, why couldn’t a “defensive bot”, or Dbot enter, change the default passwords to random secure levels and then spread to “infect” ever more devices? Over time a few things would happen. The net would quickly become far more secure, some devices would be bricked, and manufacturers would be forced to make more secure devices. Government is certainly incapable of responding, consumers don’t care and manufacturers have no incentive to fix the security flaws. If a Dbot isn’t built and deployed now, the risk of future security threats and the extent of the resulting damage will continue to increase exponentially every day. Does anyone want to show how that can be done? Just build and release it.

Leave a Reply

Your email address will not be published.


*

This site uses Akismet to reduce spam. Learn how your comment data is processed.