
SoylentNews is people

posted by martyb on Tuesday April 18 2017, @05:21PM   Printer-friendly
from the a-dark-day-in-tech dept.

Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key (for each device type) that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.

A PDF of the paper is available here.
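The percolation estimate in the abstract can be reproduced with a short model. This is an added example, not code from the paper or from the original post: it treats lamps as random points in a square of the stated 105 square kilometers, links any two within an assumed radio range of 100 m (a value not given on this page), and uses the standard 2-D continuum percolation threshold of about 4.512 neighbours per node.

```python
import math
import random
from collections import Counter

CRITICAL_MEAN_DEGREE = 4.512  # known 2-D continuum percolation threshold (discs)
PARIS_AREA_M2 = 105e6         # 105 square kilometers, from the abstract
ASSUMED_RANGE_M = 100.0       # assumption: radio range is not stated on the page

def critical_count(area_m2, range_m):
    """Node count at which the mean number of in-range neighbours hits threshold."""
    return CRITICAL_MEAN_DEGREE * area_m2 / (math.pi * range_m ** 2)

def largest_cluster_fraction(n, area_m2, range_m, seed=1):
    """Monte Carlo check: scatter n nodes in a square, link pairs within
    range_m, and return the share of nodes in the largest connected cluster."""
    rng = random.Random(seed)
    side = math.sqrt(area_m2)
    pts = [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(n)]
    grid = {}  # bucket nodes into range-sized cells so only 9 cells are scanned
    for i, (x, y) in enumerate(pts):
        grid.setdefault((int(x // range_m), int(y // range_m)), []).append(i)
    parent = list(range(n))  # union-find forest over node indices

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    r2 = range_m ** 2
    for (cx, cy), members in grid.items():
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in grid.get((cx + dx, cy + dy), ()):
                    xj, yj = pts[j]
                    for i in members:
                        xi, yi = pts[i]
                        if i < j and (xi - xj) ** 2 + (yi - yj) ** 2 <= r2:
                            parent[find(i)] = find(j)
    sizes = Counter(find(i) for i in range(n))
    return max(sizes.values()) / n

if __name__ == "__main__":
    print("critical count:", round(critical_count(PARIS_AREA_M2, ASSUMED_RANGE_M)))
    for n in (5000, 15000, 30000):
        frac = largest_cluster_fraction(n, PARIS_AREA_M2, ASSUMED_RANGE_M)
        print(n, "nodes -> largest cluster holds", f"{frac:.1%}")
```

Well below the threshold the largest cluster stays a tiny fraction of the population; well above it, one cluster contains almost every node, which is why deployment density is the quantity a risk assessment of this kind has to track.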


  • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @07:01PM (3 children)

    by Anonymous Coward on Tuesday April 18 2017, @07:01PM (#495968)

    Before the internet we had radio. In July.

    Why? That doesn’t make any sense. Sorry. There’s no known way of saying an English sentence in which you begin a sentence with “in” and emphasize it. Get me a jury and show me how you can say “in July” and I’ll… go down on you. That’s just idiotic, if you’ll forgive me by saying so.
    That’s just stupid. “In July”?
    I’d love to know how you emphasize “in” in “in July”… Impossible! Meaningless!
    He isn’t thinking.
    Yeah.
    You didn’t say it. He said it.
    Your friend. “Every July”?
    No, you don’t really mean “every July”?
    But that’s–that’s bad copy. It’s in July. Of course it’s every July! There’s too much directing around here.

  • (Score: 4, Funny) by Gaaark on Tuesday April 18 2017, @08:30PM (1 child)

    by Gaaark (41) on Tuesday April 18 2017, @08:30PM (#496001) Journal

    Before the remote control tv, we had to change the channels WITH OUR TOES!!

    IN JUNE!!!

      But still she wanted me. She dripped coffee all over her table cloths (made of cotton and some twizzle sticks), which she cleaned up with her cat.

    And all this, in June.
    So there.
    Beat that, with a blade of grass held between your thumbs, so that when you blow into it, the grass makes a whoooiiiizzz sound.

    Let's see an AI troll make sense of this, in Disneyland.
    In August.
    I have a cunning plan.
    Hillary Clinton has a hairy bum, which Trump says is orange. (Barack vs Baldrick... why am I surprised by bananas).

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2) by VLM on Tuesday April 18 2017, @09:21PM

      by VLM (445) Subscriber Badge on Tuesday April 18 2017, @09:21PM (#496023)

      I think Gaaark is trying to buffer overflow us so we end up blinking SOS like the article. Who knows, might work. I can't believe Snow Crash was published in '92 and that's getting to be a long time ago. And yes, Snow Crash is on topic, although in the article I think they used a more modern exploit than ancient Sumerian.

  • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @09:15PM

    by Anonymous Coward on Tuesday April 18 2017, @09:15PM (#496018)

    In this article "in" was emphasized! Or?