One very strong trend in technology today is the drive to have virtually all things that an individual may have be connected wirelessly. While this can result in numerous conveniences and increased functionality from objects that people may interact with on a regular basis, researchers also believe that this can further expose people to cyber-security threats.
This tech trend, called the IoT, or the Internet of Things, is something that a lot of tech companies are investing on. This has resulted in a plethora of products outside of personal and mobile computing to have internet capability and control functionality. This includes TVs and media players all the way to washing machines, air conditioning units and even light bulbs.
A study published Thursday however, shows that there still are a lot of problems with regards to the security of these so-called smart appliances.
One such IoT application that the researchers at Weizmann Institute of Science and Dalhousie University put a lot of work into is the Philips Hue smart bulb. Looking at its specifications on paper, the bulb definitely has a lot to offer in terms of functionality. With its companion smartphone app, a user will be able to turn on or off the bulb, set a timer option to automatically activate or switch it off, or depending on the bulb model chosen, will allow users to adjust the colors that the light can produce.
However, the problem is that the researchers were able to gain control of these lightbulbs with relative ease, and were even able to do so hundreds of feet away from the lightbulbs themselves. “We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates” researches said on how they were able to obtain the Authentication Key that Philips uses for their Hue products. If these lightbulbs were part of a bigger network of devices, then it is very likely that the whole network will be compromised.
Concerns regarding the security of the IoT have been further put into the public’s attention in light of the recent massive DDoS (Denial-of-Service) attacks that happened recently. Hackers were able to gain access to wireless cameras of the internet company Dyn (the DNS provider to Reddit, PayPal, Spotify, SoundCloud, GitHub, CNN.com and other sites), and eventually brought down its services. This caused popular websites, including Twitter (NYSE:TWTR) and Netflix (NASDAQ:NFLX) to become temporarily unavailable. While the effects of the DDoS attack is relatively harmless, the ease by which hackers can use even the simplest devices to gain access to a larger network can have devastating repercussions in the future, as more and more devices are connected together through the internet.
It is possible for manufacturers of IoT capable devices to mitigate these flaws by using unique user names and passwords, the monitoring of IP addresses that connect to the device, and the use of secure VPN tunnels, among other solutions. However, researchers conclude that companies should put in more effort to ensure that their internet capable products, at the base software level, are as free from flaws and bugs as possible.