Watch: This Drone Hacks Smart Light Bulbs
Hacking internet-connected devices has become an increasingly popular pastime for hackers. A recent example of this was the massive internet blackout caused by connected devices.
A team of researchers at Israel’s Weizmann Institute of Science and Dalhousie University in Halifax, Canada, has demonstrated how hackers can use the simplest of smart household devices, including lights, switches, locks, thermostats, and more, to potentially take down sections of the internet or carry out a full-scale attack on a country’s infrastructure. They showed how easy it is to take control of the devices and employ them in a distributed denial of service (DDoS) attack.
The experiment, carried out by four researchers, Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten, focused on simple Philips Hue Wi-Fi-connected smart bulbs and showed how the bulbs can “infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction.”
The researchers executed the chain-reaction attack by utilizing a flaw in the ZigBee radio protocol, a widely used home automation protocol found in thousands of consumer devices, to demonstrate the explosive ease with which Internet of Things (IoT) devices can infect each other with malware, resulting in a kind of digital plague that can have disastrous urban repercussions.
In their mock scenario, the researchers flew a drone to wirelessly infect a Philips Hue smart lightbulb with a virus, which then visibly spread from one lamp to another in the building.
“The attack can start by plugging in a single infected bulb anywhere in the city and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack,” the researchers wrote.
The researchers deployed the worm by exploiting a weakness in Philips’ encryption to force an over-the-air firmware update using an “autonomous attack kit” built from “readily available equipment” costing just a few hundred dollars.
“We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test,” the researchers said. “To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware.”
The researchers promptly notified Philips Lighting of the software vulnerability, and the company has since patched the flaw in a software update issued earlier this month.
“We should work together to use the knowledge we gained to protect IoT devices or we might face in the near future large scale attacks that will affect every part of our lives,” the researchers concluded.