Smart lighting may be the next Internet of Things (IoT) attack vector, thanks to hackable Philips Hue smart lightbulbs.

Researchers from the Weizmann Institute of Science, Israel, and Dalhousie University, Canada, created a proof-of-concept worm that can spread across the smart lightbulbs, potentially infecting a whole network of them and opening them up for exploitation.

In the paper "IoT Goes Nuclear: Creating a ZigBee Chain Reaction", the researchers noted how, by exploiting universal encryption keys over the ZigBee wireless networking standard, they can compromise a Philips Hue lightbulb from a distance of around 400 metres.

The worm spreads by jumping directly from one lamp to its neighbours, using only their built-in ZigBee wireless connectivity and their physical proximity, the researchers said.

To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometres: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass which had almost certainly been surpassed already.
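The percolation estimate quoted above can be reproduced with a small simulation; this is an added example, not code from the article or the paper. It assumes the standard 2D disc model, in which a cluster spans the area once each lamp has about 4.51 neighbours in range; the constant, the function names and the roughly 100 m hop range back-computed from the article's 15,000 lamps and 105 square kilometres are assumptions, not values stated on this page.

```python
import math
import random
from collections import Counter

AREA_M2 = 105e6         # city area quoted in the article (105 km^2)
CRITICAL_N = 15_000     # critical mass quoted in the article
MEAN_DEGREE_C = 4.512   # assumption: 2D disc-percolation threshold, not from the page

def implied_range_m(n=CRITICAL_N, area=AREA_M2):
    """Hop range at which n randomly placed lamps sit exactly at the threshold."""
    return math.sqrt(MEAN_DEGREE_C * area / (math.pi * n))

def largest_cluster_fraction(n, radius, area=AREA_M2, seed=1):
    """Scatter n lamps in a square city, link lamps closer than radius,
    and return the share of lamps in the largest connected cluster."""
    rng = random.Random(seed)          # constructed sample data, seeded for repeatability
    side = math.sqrt(area)
    pts = [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(n)]
    parent = list(range(n))            # union-find forest over lamps

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    grid = {}                          # cell -> lamps seen so far, cell size = radius
    for i, (x, y) in enumerate(pts):
        cx, cy = int(x // radius), int(y // radius)
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in grid.get((cx + dx, cy + dy), ()):
                    if math.dist(pts[i], pts[j]) <= radius:
                        parent[find(i)] = find(j)
        grid.setdefault((cx, cy), []).append(i)
    return max(Counter(find(i) for i in range(n)).values()) / n

if __name__ == "__main__":
    r = implied_range_m()
    print(f"implied hop range: {r:.0f} m")
    for n in (7_500, 15_000, 30_000):  # below, at and above the quoted critical mass
        print(n, round(largest_cluster_fraction(n, r), 3))
```

For asset owners the useful reading is the density side of the threshold: well below it, a compromised lamp can reach only a small local cluster, while well above it almost every lamp belongs to one connected cluster.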

To carry out the attack, the researchers first had to figure out how to yank a Hue lightbulb from its network.
