Smart bulbs are expected to be a popular purchase this holiday season. But could lighting your home open up your personal information to hackers?
Earlier this year Amazon's Echo made global headlines when it was reported that consumers' conversations were recorded and heard by thousands of employees.
Now researchers at UTSA have conducted a review of the security holes that exist in popular smart-light brands. According to the analysis, the next prime target could be that smart bulb that shoppers buy this coming holiday season.
"Your smart bulb could come equipped with infrared capabilities, and most users don't know that the invisible wave spectrum can be controlled. You can misuse those lights," said Murtuza Jadliwala, professor and director of the Security, Privacy, Trust and Ethics in Computing Research Lab in UTSA's Department of Computer Science. "Any data can be stolen: texts or images. Anything that is stored in a computer."
Anindya Maiti, Murtuza Jadliwala. Light Ears: Information Leakage via Smart Lights. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2019; 3 (3): 1. DOI: 10.1145/3351256
(Score: 3, Interesting) by canopic jug on Friday October 25 2019, @12:04PM (2 children)
A very difficult step there will be to get all the certifications needed so that such a bulb is approved as a consumer device and allowed to be sold, even in small quantities. You can bet that the proprietary bulb makers, who wish to facilitate planned obsolescence as well as lock out competition, would fight that. So would observing third parties, such as M$, which oppose consumer modding and even fight general purpose computing. However, if even one fully certified bulb hit the market with user-moddable or user-replaceable firmware, that would be enough to open the door and perhaps change the market completely.
Money is not free speech. Elections should not be auctions.
(Score: 1, Interesting) by Anonymous Coward on Friday October 25 2019, @03:46PM (1 child)
I think this is pointless fearmongering. These companies are unlikely to have much if any influence on the approval process.
What certifications do you need for a smart light bulb? Probably you need the country-appropriate stamp for mains powered equipment, since presumably the goal is to plug directly into the mains light socket, and you might need FCC or similar local regulatory approval for electronic equipment. In many cases you can self-certify FCC part 15 compliance which I believe should be pretty straightforward if you either don't include a radio or use one of the many self-contained commercial-off-the-shelf radio modules.
Basically you should just have to call up your favourite independent test lab such as Underwriters Laboratory or Intertek, tell them what countries you plan to sell in, they will help you decide what standards to test against and do that testing on a product sample provided. You get a nice report of the test results, and probably this takes a few iterations to resolve issues. Once passed, you get to put the zillion different approval stickers on your product and you're done. Other companies don't participate in this process which is between you and the test lab...
What you will need is money to pay for the independent testing. I would suggest crowdfunding is perfect for this.
(Score: 3, Informative) by canopic jug on Friday October 25 2019, @04:31PM
No, it's not. The ongoing fights against the Right to Repair are well documented. Firmware modding falls into that category. It's not just John Deere. M$ fights the right to repair, so does Apple [soylentnews.org], and pretty much any company that plans to get some short term gain by screwing purchasers [soylentnews.org].
Money is not free speech. Elections should not be auctions.