Researchers have developed proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected. The researchers demonstrate attacking bulbs by drone or ground station. The demo attacks Philips Hue lightbulbs, the most popular smart lighting system in the market today. Mark James, Security Specialist at ESET commented below.
Mark James, Security Specialist at ESET:
“If we want to look at worst case scenarios then the damages could be significant, apart from the obvious cases of turning off lights in very dark areas that could cause the human occupants to lose their footing and injure themselves, we need to consider the dangers of strobing led lighting that could cause epileptic seizures, it could also be used to cause disruption to other Wi-Fi networks using the 2.4 GHz spectrum. If enough light bulbs are connected and compromised they could be used to form a DDoS attack.e
Philips have already issued a patch to resolve this particular issue but getting the patch is not as easy as it should be. These types of issues can often arise from using common technologies that may be flawed, it once again highlights the dangers of an interconnected world running to embrace technology with security taking a back seat.”