Even Lights Can Be Hacked

  • 15 August 2013
  • 2 replies
  • 1519 views

Userlevel 7
Ahh, the "Internet of Things." By now, I am sure many of you are well of this term. If not, basically, from refrigerators to washing machines to thermostats, more and more everyday devices today can connect to the web. The potential problem that arises from this concept is that, because security isn't necessarily a top concern, just about any of these device is hackable. We've posted stories about devices that, if hacked, could have life-threatening consequences. The late researcher, Barnaby Jack , demonstrated how a pacemaker could be hacked, and the guys from DARPA recently took Andy Greenberg of Forbes for a joyride (albeit it couldn't be all that joyful), showing viewers a car hack in which the driver loses pretty much all control of the vehicle.

 
Now, security researcher Nitesh Dhanjani, has discovered a vulnerability in the Phillips-made Hue LED lighting system, which is controlled by computers and smartphones, showing yet another reason why it could be risky business connecting everyday devices to the internet.
 
"Lighting is critical to physical security. Smart lightbulb systems are likely to be deployed in current and new residential and corporate constructions. An abuse case such as the ability of an intruder to remotely shut off lighting in locations such as hospitals and other public venues can result in serious consequences."


You can see Dhanjani demonstrate how the light hack works in the following video. The story was reported by Dan Goodin on ARS Technica.

 
 

 
(Souce: ARS Technica)

 

2 replies

Userlevel 7
I am not at my computer right now, (using my phone here..) so I cannot provide the link. CNN had quite an article this morning that while not dealing with home lighting is worth much more than a passing reference. The subject: internet connected baby monitors, particularly those with a built in web cam for video monitoring.

The situation was very disturbing to say the very least: the hacker obtained access to the video and was watching baby sleep while speaking very disturbing remarks that transmitted both in the baby's room as well as to the parents remote monitor.

Please everyone, if you are going to use any form of network connected device, home automation, anything, be very sure and careful to fully implement any and all security for those devices. Do not ever keep the factory default login and passwords: you will be wide open to attack.

Many devices simply do not have robust security available: do your homework and purchase for security, not low price point.
Userlevel 7
Hey David,
 
Thanks for letting me know about this story...it's very disturbing indeed and paints a bit of a grim picture in terms of what can go wrong when everyday devices that connect to the internet (but aren't on top of their security) get into the wrong hands. I plan to post this story shortly in our Community.
 
Thanks again for pointing it out!

Reply