Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / News I have a News Tip

Researchers Demonstrate How Smart Bulbs Can Be Hacked to Cause Mass Disruptions

An attack kit mounted on a drone was flown from a range of 350 meters to an office building in the city of Beer Sheva hosting some well-known security companies including Israeli CERT. Several Philips Hue lights were installed in one floor to test the attack.

A team of researchers have released a report detailing a new type of threat in which adjacent IoT devices, such as Internet-connected light bulbs, will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction.

Researchers from Israel's Weizmann Institute of Science and Dalhousie University in Halifax, Nova Scotia, Canada released a report today, titled "IoT Goes Nuclear: Creating a ZigBee Chain Reaction," detailing alarming ways hackers can rapidly cause city-wide disruptions in the near future as IoT devices surge to billions in the next few years.

Footage of researchers flying a drone near the Beer Sheva building where it successfully flickers the lights via ZigBee channel, signalling SOS repeatedly in Morse code. (Click to Enlarge / Source)"The Internet of Things (IoT) is currently going through exponential growth, and some experts estimate that within the next five years more than fifty billion 'things' will be connected to the internet. Most of them will be cheaply made sensors and actuators which are likely to be very insecure. The potential dangers of the proliferation of vulnerable IoT devices had just been demonstrated by the massive DDOS attack on the Dyn DNS company [see report], which exploited well known attack vectors such as default passwords and the outdated TELNET service to take control of millions of web cameras made by a single Chinese manufacturer."

— "In this paper we describe a much more worrying situation: We show that without giving it much thought, we are going to populate our homes, offices, and neighborhoods with a dense network of billions of tiny transmitters and receivers that have ad-hoc networking capabilities. These IoT devices can directly talk to each other, creating a new unintended communication medium that completely bypasses the traditional forms of communication such as telephony and the internet."

"[E]ven IoT devices made by huge companies with deep knowledge of security, which are protected by industry-standard cryptographic techniques, can be misused by hackers to create a new kind of attack: By using this new communication medium to spread infectious malware from one IoT device to all its physically adjacent neighbors in a process resembling a nuclear chain reaction, hackers can rapidly cause city-wide disruptions which are very difficult to stop and to investigate."

For their experiment, researchers used Philips Hue smart lights sold in large numbers since 2012, particularly in the European market. The communication between the lamps and their controllers is carried out by the Zigbee protocol, the paper indicates which is the radio link of choice in many IoT devices due to its simplicity, wide availability and low cost.

Philips Lighting has since confirmed and fixed the takeover vulnerability.

SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

Mobile Internet

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.