Stories
Slash Boxes
Comments

SoylentNews is people

Study Warns Of Security Gaps In Smart Light Bulbs

posted by Fnord666 on Friday October 25 2019, @10:48AM   Printer-friendly

Arthur T Knackerbracket has found the following story:

Smart bulbs are expected to be a popular purchase this holiday season. But could lighting your home open up your personal information to hackers?

Earlier this year Amazon's Echo made global headlines when it was reported that consumers' conversations were recorded and heard by thousands of employees.

Now researchers at UTSA have conducted a review of the security holes that exist in popular smart-light brands. According to the analysis, the next prime target could be that smart bulb that shoppers buy this coming holiday season.

"Your smart bulb could come equipped with infrared capabilities, and most users don't know that the invisible wave spectrum can be controlled. You can misuse those lights," said Murtuza Jadliwala, professor and director of the Security, Privacy, Trust and Ethics in Computing Research Lab in UTSA's Department of Computer Science. "Any data can be stolen: texts or images. Anything that is stored in a computer."

Anindya Maiti, Murtuza Jadliwala. Light Ears: Information Leakage via Smart Lights[$]. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2019; 3 (3): 1 DOI: 10.1145/3351256

Original Submission

 
This discussion has been archived. No new comments can be posted.
Study Warns Of Security Gaps In Smart Light Bulbs | Log In/Create an Account | Top | 31 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Funny) by theluggage on Friday October 25 2019, @02:14PM (1 child)

    by theluggage (1797) on Friday October 25 2019, @02:14PM (#911632)

    From TFA:

    If these same bulbs are also infrared-enabled, hackers can send commands via the infrared invisible light emanated from the bulbs to either steal data or spoof other connected IoT devices on the home network. The owner might not know about the hack because the hacking commands are communicated within the owner’s home Wi-Fi network, without using the internet.

    ...Jadliwala recommends that consumers opt for bulbs that come with a smart home hub rather than those that connect directly to other devices

    So... let's get this right... these bulbs hook up to my home WiFi, either use UPnP (Universal plug and pwn) to get a forwarded port, or 'dial out' to the manufacturers website (that is already 'no deal' but...) - so a hacker can crack the server/pull a MITM somehow (double no deal - sounds like my hone wifi is now pwned) and turn the lights on and off and hence... what? turn my TV on/off? Hack into my 10-year-old laptop that still has an IR port? That's like... "if somebody stabs you, blood might get into your watch and ruin it".

    Okaaay... so not exactly wrong, but missing the point somewhat... but then you say I can mitigate this by buying bulbs that work via a "smart hub" (because they never have any security/privacy problems... even with third-party apps)?

    Apparently you can get these little toggle/lever things that you fit on the wall, right by the door, that let you control the lights right when you walk in or out of the room... I believe there are even boxes of tricks that can turn on lights automatically when you walk in, use a remote control or even on a timer if you want to fool stupid burglars and that some of them - by some strange sorcery - don't need the internet at all!

    Starting Score:    1  point
    Moderation   +2  
       Informative=1, Funny=1, Total=2
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 0) by Anonymous Coward on Friday October 25 2019, @07:15PM

    by Anonymous Coward on Friday October 25 2019, @07:15PM (#911803)

    I downloaded and looked at the paper. The IR modulation stuff they are talking about is using it for data extraction:

    We show that such an attack can be accomplished by carefully manipulating and controlling (possible on modern smart lights) the infrared light to create a “covert-channel” between the smart light and an adversary with infrared sensing capability. With the help of a malicious agent on the user’s smartphone or computer, the adversary can encode private information residing on these devices and then later transmit it over the infrared covert-channel residing on the smart light.

    So, maybe relevant to James Bond, but I don't think you have anything to worry about unless you're letting him into your house.