
posted by Fnord666 on Friday October 25 2019, @10:48AM

Smart bulbs are expected to be a popular purchase this holiday season. But could lighting your home open up your personal information to hackers?

Earlier this year Amazon's Echo made global headlines when it was reported that consumers' conversations were recorded and heard by thousands of employees.

Now researchers at UTSA have conducted a review of the security holes that exist in popular smart-light brands. According to the analysis, the next prime target could be that smart bulb that shoppers buy this coming holiday season.

"Your smart bulb could come equipped with infrared capabilities, and most users don't know that the invisible wave spectrum can be controlled. You can misuse those lights," said Murtuza Jadliwala, professor and director of the Security, Privacy, Trust and Ethics in Computing Research Lab in UTSA's Department of Computer Science. "Any data can be stolen: texts or images. Anything that is stored in a computer."

Anindya Maiti, Murtuza Jadliwala. Light Ears: Information Leakage via Smart Lights[$]. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2019; 3 (3): 1 DOI: 10.1145/3351256


  • (Score: 1, Interesting) by Anonymous Coward on Friday October 25 2019, @11:44AM (9 children)

    by Anonymous Coward on Friday October 25 2019, @11:44AM (#911587)

    So, what we must do is generate open-ish hardware products that can be built with commodity parts from websites like SparkFun [sparkfun.com], AdaFruit [adafruit.com], and what-have-you by a hobbyist. Publish the recipes under Creative Commons or whichever popular libre/socialist, GPL-compatible/inspired license would be applicable. No, we won't be able to achieve wafer thin iShit, but fuck iShit. Create a libre/socialist (GPL) software ecosystem for the Internet of Secure Things. (IoST, where the S stands for security, just like it does in IoT.)

    There seems to be a demand here that the capitalist market is incapable of fulfilling in a way that respects the privacy and liberty of the end user.

  • (Score: 1, Funny) by Anonymous Coward on Friday October 25 2019, @11:57AM

    by Anonymous Coward on Friday October 25 2019, @11:57AM (#911593)

    I'm planting my own Ada tree, so I can get my Adafruit for free!

  • (Score: 3, Interesting) by canopic jug on Friday October 25 2019, @12:04PM (2 children)

    by canopic jug (3949) Subscriber Badge on Friday October 25 2019, @12:04PM (#911597) Journal

    A very difficult step there will be to get all the certifications needed so that such a bulb is approved as a consumer device and allowed to be sold, even in small quantities. You can bet that the proprietary bulb makers, who wish to facilitate planned obsolescence as well as lock out competition, would fight that. So would observing third parties, such as M$, which oppose consumer modding and even fight general purpose computing. However, if even one fully certified bulb hit the market with user-moddable or user-replaceable firmware, that would be enough to open the door and perhaps change the market completely.

    --
    Money is not free speech. Elections should not be auctions.
    • (Score: 1, Interesting) by Anonymous Coward on Friday October 25 2019, @03:46PM (1 child)

      by Anonymous Coward on Friday October 25 2019, @03:46PM (#911670)

      A very difficult step there will be to get all the certifications needed so that such a bulb is approved as a consumer device and allowed to be sold, even in small quantities. You can bet that the proprietary bulb makers, who wish to facilitate planned obsolescence as well as lock out competition, would fight that. So would observing third parties, such as M$, which oppose consumer modding and even fight general purpose computing.

      I think this is pointless fearmongering. These companies are unlikely to have much if any influence on the approval process.

      What certifications do you need for a smart light bulb? Probably you need the country-appropriate stamp for mains powered equipment, since presumably the goal is to plug directly into the mains light socket, and you might need FCC or similar local regulatory approval for electronic equipment. In many cases you can self-certify FCC part 15 compliance which I believe should be pretty straightforward if you either don't include a radio or use one of the many self-contained commercial-off-the-shelf radio modules.

      Basically you should just have to call up your favourite independent test lab such as Underwriters Laboratory or Intertek, tell them what countries you plan to sell in, they will help you decide what standards to test against and do that testing on a product sample provided. You get a nice report of the test results, and probably this takes a few iterations to resolve issues. Once passed, you get to put the zillion different approval stickers on your product and you're done. Other companies don't participate in this process which is between you and the test lab...

      What you will need is money to pay for the independent testing. I would suggest crowdfunding is perfect for this.

  • (Score: 2) by c0lo on Friday October 25 2019, @12:23PM (2 children)

    by c0lo (156) Subscriber Badge on Friday October 25 2019, @12:23PM (#911605) Journal

    commodity parts from websites like SparkFun [sparkfun.com], AdaFruit [adafruit.com], and what-have-you by a hobbyist.

    Yeah, right, hobbyist with deep pockets. I prefer to buy uC, sensors and dev-boards on aliexpress, at least 3 to 4 times cheaper - made in Taiwan anyway.

    Publish the recipes under Creative Commons or whichever popular libre/socialist, GPL-compatible/inspired license would be applicable.

    Yeah, right! You're dreaming.
    Wake up, what you suggest already happens and guess what? Only hobbyists chose to build them, mainly for themselves. Because, see, a hobbyist is a hobbyist, once he had his problem solved, he's not interested to start a business repeating the same design for mass production when there are so many other new designs to try or to invent.
    He'll be happy to publish his design and software and what not, but he will not build it for you.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 2) by Mojibake Tengu on Friday October 25 2019, @01:19PM (1 child)

      by Mojibake Tengu (8598) on Friday October 25 2019, @01:19PM (#911624) Journal

      Yeah, right, hobbyist with deep pockets...

      Hobbyists with deep pockets buy industrial grade electronics for (home) automation, not consumer grade. Yes, it is fun to build something practical from toy grade electronics too, but often at the cost of inferior electrical properties and unpredictable reliability. Would you rely on your cheap constructions with your life?

      --
      Respect Authorities. Know your social status. Woke responsibly.
      • (Score: 2) by c0lo on Friday October 25 2019, @05:08PM

        by c0lo (156) Subscriber Badge on Friday October 25 2019, @05:08PM (#911728) Journal

        Sparkfun and Adafruit are as reliable as the Aliexpress stuff. Only 3-5 times as expensive.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by VLM on Friday October 25 2019, @12:59PM

    by VLM (445) on Friday October 25 2019, @12:59PM (#911614)

    The people that are getting powned are buying vertical silo devices that connect to big brother and nobody else over the internet.

    Anyone who wants something useful has the opposite devices. My hass.io is firewalled off from the internet, has a zwave radio, and I could, if I wanted, buy standard compatible zwave bulbs that can't connect to the internet anyway but can connect to everything connected to my hass.io install, which is a lot of interaction.

    Anyone who's capable of or interested in actually useful applications is already using the COTS FOSS(ish) solution and isn't going to care about replicating a slightly less shitty vertical silo.

    Essentially what we have in home automation here is the old "BBS vs internet access" battle of the 90s being replayed. There's lots of TV commercials and free CDs for AOL, but nobody wants it and the wide open internet is more useful although there's no TV commercials for it. The more useless the commercial product the more likely there's marketing heavily pushing it because it's so obviously useless.

    Everybody actually DOING stuff with light bulbs as a UI is already using FOSS and zwave gear, not some internet connected big brother shit they won't have API access to anyway so they couldn't use it if they wanted.

  • (Score: 3, Touché) by epitaxial on Friday October 25 2019, @01:37PM

    by epitaxial (3165) on Friday October 25 2019, @01:37PM (#911627)

    No thanks I'm going back to incandescent lights. Winter is on the way anyhow.