Why Light Bulbs May Be the Next Hacker Target

by John Markoff, The New York Times

The so-called Internet of Things (IoT), its proponents argue, offers many benefits: energy efficiency, technology so convenient it can anticipate what you want, even reduced congestion on the roads.

Now here’s the bad news: Putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers. And it could allow them to spread malicious code through the air, like a flu virus on an airplane.  The IoT could prove highly vulnerable to cyberattackers, according to a new study from researchers at Canada’s Dalhousie University and Israel’s Weizmann Institute of Science.

By focusing on the potential for hackers to hijack a smart Philips light bulb by exploiting a wireless flaw, the researchers say malware could spread across thousands or even hundreds of thousands of Internet-linked devices in close proximity, by infecting a single device.

The team found the ZigBee wireless radio standard can be used to generate a malware-proliferating computer worm that targets IoT devices. And they wouldn’t have to have direct access to the devices to infect them: The researchers were able to spread infection in a network inside a building by driving a car 229 feet away.

They say the recent attack against the company Dyn demonstrated hackers have the means to commandeer a range of Internet-connected devices and use them to orchestrate similar attacks, steal information, transmit spam, or execute other malicious activities.

“Even the best Internet defense technologies would not stop such an attack,” warns cryptographer and study co-author Adi Shamir. The researchers say they used readily available and relatively inexpensive equipment to hack the Philips light bulb, which again demonstrates “how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.”  Read the article.