Smart bulbs are expected to be a popular purchase this holiday season. But could lighting your home open up your personal information to hackers?
Earlier this year Amazon's Echo made global headlines when it was reported that consumers' conversations were recorded and heard by thousands of employees.
Now researchers at UTSA have conducted a review of the security holes that exist in popular smart-light brands. According to the analysis, the next prime target could be that smart bulb that shoppers buy this coming holiday season.
"Your smart bulb could come equipped with infrared capabilities, and most users don't know that the invisible wave spectrum can be controlled. You can misuse those lights," said Murtuza Jadliwala, professor and director of the Security, Privacy, Trust and Ethics in Computing Research Lab in UTSA's Department of Computer Science. "Any data can be stolen: texts or images. Anything that is stored in a computer."
Anindya Maiti, Murtuza Jadliwala. Light Ears: Information Leakage via Smart Lights[$]. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2019; 3 (3): 1 DOI: 10.1145/3351256
(Score: 4, Funny) by theluggage on Friday October 25 2019, @02:14PM (1 child)
From TFA:
So... let's get this right... these bulbs hook up to my home WiFi, either use UPnP (Universal plug and pwn) to get a forwarded port, or 'dial out' to the manufacturers website (that is already 'no deal' but...) - so a hacker can crack the server/pull a MITM somehow (double no deal - sounds like my hone wifi is now pwned) and turn the lights on and off and hence... what? turn my TV on/off? Hack into my 10-year-old laptop that still has an IR port? That's like... "if somebody stabs you, blood might get into your watch and ruin it".
Okaaay... so not exactly wrong, but missing the point somewhat... but then you say I can mitigate this by buying bulbs that work via a "smart hub" (because they never have any security/privacy problems... even with third-party apps)?
Apparently you can get these little toggle/lever things that you fit on the wall, right by the door, that let you control the lights right when you walk in or out of the room... I believe there are even boxes of tricks that can turn on lights automatically when you walk in, use a remote control or even on a timer if you want to fool stupid burglars and that some of them - by some strange sorcery - don't need the internet at all!
(Score: 0) by Anonymous Coward on Friday October 25 2019, @07:15PM
I downloaded and looked at the paper. The IR modulation stuff they are talking about is using it for data extraction:
So, maybe relevant to James Bond, but I don't think you have anything to worry about unless you're letting him into your house.