Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 5 Nov 2016 11:33:48 -0500
From: "Alister Wm Macintyre \(Wow\)" <
macwheel99@wowway.com>
Subject: Why Light Bulbs May Be the Next Hacker Target (John Markoff)
John Markoff, *The New York Times*, 3 Nov 2016
Researchers report in a paper <
http://iotworm.eyalro.net/> that they have
uncovered a flaw in a wireless technology that is often included in smart
home devices like lights, switches, locks, thermostats and many of the
components of the much-ballyhooed "smart home" of the future. The
researchers focused on the Philips Hue smart light bulb and found that the
wireless flaw could allow hackers to take control of the light bulbs,
according to researchers at the Weizmann Institute of Science near Tel Aviv
and Dalhousie University in Halifax, Canada.
<
http://www.nytimes.com/topic/company/koninklijke-philips-electronics-nv?inline=nyt-org>
[I wonder how many other brand names are at similar risk.]
Imagine thousands or even hundreds of thousands of Internet-connected
devices in close proximity. Malware created by hackers could be spread like
a pathogen among the devices by compromising just one of them. [There is
video, in the research paper, showing tests. For example, a drone hovers
next to a high rise building, and you see it taking over control of all the
lights of the building. Before the test, they had switched one light bulb on
ground floor, with one they already could hack.]
The new risk comes from a little-known radio protocol called ZigBee.
<
http://www.zigbee.org/what-is-zigbee/>
<
http://www.zigbee.org/what-is-zigbee/>
<
http://www.zigbee.org/what-is-zigbee/>
The researcher said they had notified Philips of the potential vulnerability
and the company had asked the researchers not to go public with the research
paper until it had been corrected. Philips fixed the vulnerability in a
patch issued on 4 Oct and recommended that customers install it through a
smart phone application. Still, it played down the significance of the
problem.
[I wonder how many customers learned about this, and implemented the patch.]
http://www.nytimes.com/2016/11/03/technology/why-light-bulbs-may-be-the-next-hacker-target.htmlhttp://iotworm.eyalro.net/
The full results technical paper can be downloaded from this link:
IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF, 6.7MB]
<http://iotworm.eyalro.net/iotworm.pdf>
Risks identified by the research:
* Brick the lights so they cannot be fixed vs. whatever nuisance the
malware has inflicted.
* City-wide wireless jamming.
* Attack electric grid via manipulating power consumption demands.
* Induce epileptic seizures in photosensitive people on a large scale.
[Risks thought about by Al Mac:
* Kill street lights, and stairwell lights, after dark, then set off
fire alarms, sirens, so people can have a hard time exiting safely.
* Airport runway lights go out, when most needed for safe landing.]
* You know those highway signs, using letters spelling out key words
for warnings to drivers, where each letter is combination of lights on &
off? The phrases could be altered.
* Do emergency responders use the same radio frequencies that can be
jammed by this hack?]
———————————————