SMARTLIGHTS

Sushant Gautam May 16, 2017 0 Comments Black Hat 2016 smart light hacking, DDos attack on lights, OTA, Philips Hue, Smart Lights, Zigbee Attack

“Hacking smartlights can be hackers next move.”

The home automation has gone one step farther by the invention of smart lights. You can now replace your incandescent light bulb with smart lighting solutions that can be controlled by a single tap on your smartphone or tablet. Doesn’t that sound interesting to those who are lazy? Oh, wait these bulbs offer you even more degree of control than traditional bulbs like setting timers, geofencing (controlling light according to your GPS location). You can integrate smart bulbs with security cameras and other smart devices. Triggering lights to react on phone notifications, change in weather, emergency announcements from local administration can be taken as best examples. These smart lights provide flexible, exciting and energy efficient lighting at home or professional lighting.

So that was all about features but what about the control? Well, there are many options available based on user requirements. Connectivity is provided through WiFi, Bluetooth and ZigBee. With these available connectivities, you get more control over your house lighting system. Companies like Philips are providing automation hub like Wink 2, Philips Hue, to let you connect to your lights wherever you are. No matter whether you forget to turn off the lights while leaving for vacation or before sleeping, you will only need a smartphone and set timer.

19% of the world’s total energy is used for lighting and 6% of the greenhouse emissions is due to this energy used for lighting. In US, 65% of the energy consumption is used by commercial and industrial sectors among which 22% is used only for lighting. At this scenario, smart lights would be a better solution since they are energy efficient and eco friendly. Days to panic on electricity bills are going to end.

But with this smart revolution in home and commercial lighting have you ever thought of the possible threats? Like how secure they actually are? Releasing a paper at Black Hat Conference 2016, the researchers Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten from Weizman Institute of Science of Israel and Dalhouse University of Canada showed how the most essential home objects like bulbs can be vulnerable to attacks. They tested their attack on popular brand manufacturer of smart lights, Philips. Philips Hue light bulbs communicate via ZigBee protocol, a global standard that allows customers to remotely control LEDs, light bulbs, timers and switches. Any new firmware is delivered via OTA(Over The Air) update. They found a flaw in ZigBee and used it to infect the lamp. They replaced the firmware with worm for attack. They used a drone to get close to a building and the team was able to deliver malware to one of the bulb and then the virus got spread from one infected lamp to it’s neighbour like a chain reaction. On their paper they have expressed it as: When the drone hovers in front of the building, the second phase of our attack can be seen. The lights have been “kidnaped” from their controller and are crying for help, signaling S O S repeatedly in Morse code. Once attacked this malware enables attacker to control lights, permanently brick them or abuse them for massive DDoS(Distributed Denial of Service) attacks. The researchers argue this kind of attack could be used to take over a building or an area with a high concentration of connected devices within minutes.

Watch hacking video here:

Paris has started smart city project to reduce public lighting energy consumption by 30% deploying more than 15000 smart lights . Just imagine what would be the effect when one of those gets infected by a malware. Let’s talk about US electricity grid. FBI warned about possible threat after attack that shut down power grid in Ukraine. The worm that infects smart bulbs can be integrated to attack other smart devices in it’s periphery. The hacker will then be able to get control over entire city or organization. These are some of possible large scale attacks. What about individual? Studies show that hacker can adjust the contrast of bulb in such a way that it can cause brain hemorrhage to a person sitting in the light or cause long term discomfort which might result in lesser productivity. The attacker can send a malware to your smartphone or other device connected with the lighting system and steal all of your valuable information. He can get control over all your devices connected with your lights.

Considering smart lights to be a great threat of the future, their use can’t be discarded. Demand of people is what leads to innovation and revolution. With technology getting better day by day, we can hope that companies like Philips will bring more security updates in the near future to prevent those attacks.