Just when you thought it was safe to turn on the light, an Israeli-Canadian study has uncovered a weakness in the design of Philips Hue smart light bulbs that it believes a hacker could use to launch an improvised wireless worm.
The attack works by targeting the Atmel ZigBee wireless chip inside each bulb which should, on the face of it, be highly secure. It’s cloaked in layers of cryptographic and non-cryptographic defences which also limit the proximity required to issue new instructions to mere centimetres.
Unfortunately, the chip’s proximity detection firmware has a security flaw which allows this to be extended by up to 400 metres, rendering it vulnerable to takeover after issuing a factory reset.
The team even came up with a memorable proof-of-concept that involved taking control of bulbs from a drone – dubbed war flying – before flashing back each bulb’s captured status as an SOS in Morse code:
Problem Is Patched For Now:
Philips have posted a statement on their website that reads:
Researchers contacted us in the summer about a potential vulnerability and we patched it before the details of findings were disclosed publicly. At no time was a virus created or used to infect any Philips Hue products.
We recommend all our customers install the latest software update via the Philips Hue app, as with any other update that we release, despite assessing the risk to Philips Hue products as low.
Potential Problems In The Future:
Although there’s no danger for Philips customers today, the research is a signpost to what might be possible if the IoT’s security doesn’t improve as the density of devices gets ever greater.
The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDoS attack. In a process resembling a nuclear chain reaction, hackers can rapidly cause city-wide disruptions which are very difficult to stop and to investigate.
originally posted by: FamCore
I wonder if hackers/interested parties can develop a virus that will send false data, while setting the systems on overdrive (to either blast the heat, or the cool).
originally posted by: tigertatzen
I have never heard of smart bulbs, and I don't really understand the technology very well, but I don't like it.