The next time the lights go out, you may wonder if hackers are to blame.
Flaws in wireless technology could allow cybercriminals to gain access to smart devices, like light bulbs and light switches. Researchers discovered a wireless flaw in the Philips Hue smart light bulb that would allow hackers to take control of the devices, according to a paper issued Wednesday from Weizmann Institute of Science, near Tel Aviv, and Dalhousie University in Halifax, Canada. The researchers notified Philips as to the vulnerability, which the company fixed in a patch issued on Oct. 4. Philips had asked the researchers not to go public with their research until the flaw had been corrected, per The New York Times.
“We have assessed the security impact as low given that specialist hardware, unpublished software and close proximity to Philips Hue lights are required to perform a theoretical attack,” a Philips spokesperson told the Times in an emailed statement.
A separate study recently confirmed that cyber criminals have spent months cracking into as many as two million Internet-of-Things (IoT) devices at homes and businesses, according to a paper (PDF) out from Akamai Technologies. IoT devices are products that connect to the internet, which now include televisions, refrigerators and home security systems, among many other household appliances and items.
But what exactly could cybercriminals do with a light bulb? On a small scale, hackers could create a strobe effect with an LED light, which could be an annoyance or, at worst, set off seizures in vulnerable individuals. The researchers also suggested that hackers could create a digital “worm that spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity.” The researchers envisioned an attack that could start by plugging in a single infected bulb anywhere in the city and spread everywhere within minutes, enabling the attacker to turn all the city lights off or permanently disable them.
On a large scale, the researchers said hackers could also use light bulbs, in addition to switches, thermostats, baby monitors and millions of other IoT devices to launch a major attack — similar to last month’s DDoS [distributed denial of service] cyberattack, which took down services like Twitter, Spotify, PayPal, Netflix and Reddit for hours in the U.S.
IoT is expected to move toward mainstream adoption in 2016 for many industries, according to a spring survey by Gartner. The number of organizations adopting IoT will grow 50 percent this year, reaching 43 percent of organizations overall, Gartner estimated, with almost 64 percent of organizations planning to implement IoT products and applications eventually. The economic impact of new IoT applications and products is estimated to be between $3.9 and $11.1 trillion by 2025, according to the McKinsey Global Institute.
To view a Bloomberg video on \”The Security Risks Facing the Internet of Things\”, click here.
Source: SFBJ