As more and more devices are getting connected to the internet, we have to start confronting an uncomfortable fact: We're living in a world that's easier than ever to hack. That's the finding of a new study from researchers at the Weizmann Institute of Science near Tel Aviv and Dalhousie University in Halifax, Canada.
In a paper on the subject, Eyal Ronen, Colin O'Flynn, Adi Shamir and Achi-Or Weingarten speculate on the possibilities of infiltrating a world of smart devices, but also provide a case study. As an example, they chose to use Phillips Hue smart lightbulbs.
"To make such an attack possible," the group writes, "we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates."
Both were relatively easy. The first breakthrough came after discovering a major bug"in the implementation of the Light Link, "which enables any standard ZigBee transmitter (which can be bought for a few dollars in the form of an tiny evaluation board) to initiate a factory reset procedure," thus leaving the Hue open to new control. Then, by breaking through the encryption used for firmware updates, which the researches said took only a few days, they were able to update the lights such that they control was effectively permanent.
The researchers discovered that, in a hypothetical city where Phillips Hue lights are widespread, they would be able to attack the electrical grid, jam wireless signals, and even trigger epileptic seizures by flashing lights on and off rapidly. In their flashiest demonstration, they illustrated the possibilities of this sort of hacking with a drone controlling lights in a target building some 1,000 feet away.
The white hats they are, the researchers informed Phillips of the bug, which in turn corrected the problem. But the number of smart devices out there is only increasing, and as the researchers warn, "this will not be the last bug."
Source: New York Times via The Verge
