SoylentNews is people

posted by martyb on Tuesday April 18 2017, @05:21PM
from the a-dark-day-in-tech dept.

Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key (for each device type) that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.

A PDF of the paper is available here.
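
The critical-mass estimate in the abstract, worked through as an added example (not code from the paper or from this post). It assumes a 100 m link range between lamps, which this page does not state, and the standard 2D continuum-percolation threshold of about 1.128; the function names and the small simulated area are also assumptions of the example.

```python
import math
import random

# Critical filling factor for overlapping discs in 2D continuum percolation.
ETA_C = 1.128


def critical_mass(area_m2, link_range_m):
    """Number of randomly placed nodes at which a spanning cluster appears.

    Two nodes are linked when they lie within link_range_m of each other,
    which is the same as discs of radius link_range_m / 2 overlapping.
    """
    disc_area = math.pi * (link_range_m / 2) ** 2
    return ETA_C * area_m2 / disc_area


def largest_cluster_fraction(n_nodes, side_m, link_range_m, seed):
    """Monte Carlo: fraction of nodes inside the largest connected cluster."""
    rng = random.Random(seed)
    pts = [(rng.uniform(0, side_m), rng.uniform(0, side_m)) for _ in range(n_nodes)]
    parent = list(range(n_nodes))

    def find(i):
        # Union-find lookup with path halving.
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    # Bucket nodes into cells one link range wide, so each node only has to
    # be compared against the nodes in its own and the 8 surrounding cells.
    cells = {}
    for idx, (x, y) in enumerate(pts):
        key = (int(x // link_range_m), int(y // link_range_m))
        cells.setdefault(key, []).append(idx)

    r2 = link_range_m ** 2
    for (cx, cy), members in cells.items():
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in cells.get((cx + dx, cy + dy), ()):
                    for i in members:
                        if i < j:  # handle each unordered pair once
                            (xi, yi), (xj, yj) = pts[i], pts[j]
                            if (xi - xj) ** 2 + (yi - yj) ** 2 <= r2:
                                parent[find(i)] = find(j)

    sizes = {}
    for i in range(n_nodes):
        root = find(i)
        sizes[root] = sizes.get(root, 0) + 1
    return max(sizes.values()) / n_nodes


if __name__ == "__main__":
    # City-scale estimate: 105 km^2 from the abstract, 100 m range assumed.
    print("critical mass:", round(critical_mass(105e6, 100)))

    # Simulate a 3 km x 3 km patch below and above its own critical mass.
    side, rng_m = 3000, 100
    n_c = critical_mass(side ** 2, rng_m)
    for factor in (0.5, 1.0, 2.0):
        frac = largest_cluster_fraction(int(factor * n_c), side, rng_m, seed=1)
        print(f"{factor:.1f} x critical: largest cluster holds {frac:.0%} of nodes")
```

For a defender the useful reading is the sharpness of the transition: deployment density, not the count of vulnerable devices alone, decides whether a proximity-spreading infection stays local.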



This discussion has been archived. No new comments can be posted.
  • (Score: 1, Informative) by Anonymous Coward on Tuesday April 18 2017, @05:32PM (2 children)

    by Anonymous Coward on Tuesday April 18 2017, @05:32PM (#495922)
    • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @06:14PM

      by Anonymous Coward on Tuesday April 18 2017, @06:14PM (#495942)

      ... it's hyperbolic metaphor!

      I got a solution! Fuck every Thing. Fuck them all to death!

    • (Score: 2) by Gaaark on Tuesday April 18 2017, @06:46PM

      by Gaaark (41) on Tuesday April 18 2017, @06:46PM (#495959) Journal

      I prefer 'Nookie u n me'.

      Wait... are you female?
      If not, yeah, nookular is fine.
      Yuuuuup!

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @06:22PM

    by Anonymous Coward on Tuesday April 18 2017, @06:22PM (#495946)

    All of your IoT are belong to me, including those personal pleasure IoT devices. W-w-w-whoopee!

  • (Score: 4, Funny) by Gaaark on Tuesday April 18 2017, @06:41PM (7 children)

    by Gaaark (41) on Tuesday April 18 2017, @06:41PM (#495955) Journal

    From the bottom of the SoylentNews page:
    Luke, I'm yer father, eh. Come over to the dark side, you hoser. -- Dave Thomas, "Strange Brew"

    How did we survive without the internet?
    How did we survive without beer in a bottle?
    How did we survive without a mouse in our beer bottle? (and can you still get a free case of beer for this???)
    Before the mouse, the internet was just a small thing.
    The internet is now everything.

    I wish someone would hack my porn folder and put something interesting there: you know; love, kissing, touching, drinking beer without mice in the bottle. My wife would call me Bob, or Doug, or Bob AND Doug.... I'd wow her with my DOS skillz.
    The mouse would run over her body, tickling her and, strangely, thrilling her.

    I'd whisper the name "Elsinore" into her delicate ear and she'd smile and go down on me.
    Then i'd go down on her.

    DAMN!.... WHO NEEDS THE IOT WHEN YOU'VE GOT AN IMAGINATION!!! :)

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @06:54PM

      by Anonymous Coward on Tuesday April 18 2017, @06:54PM (#495961)

      Canadians! Socialized medicine, but no mental health care?

    • (Score: -1, Offtopic) by Anonymous Coward on Tuesday April 18 2017, @06:54PM

      by Anonymous Coward on Tuesday April 18 2017, @06:54PM (#495962)

      +1, Ramblings of a madman

    • (Score: 2) by WillR on Tuesday April 18 2017, @06:58PM

      by WillR (2012) on Tuesday April 18 2017, @06:58PM (#495965)

      How did we survive without a mouse in our beer bottle? (and can you still get a free case of beer for this???)

      Can't say, but I do know you can go viral on twitter and all the clickbait sites if you find a bat in your spinach. What's 15 minutes of fame worth?

      (Probably less than a case of beer. Almost certainly less than a case of really good beer.)

    • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @07:01PM (3 children)

      by Anonymous Coward on Tuesday April 18 2017, @07:01PM (#495968)

      Before the internet we had radio. In July.

      Why? That doesn’t make any sense. Sorry. There’s no known way of saying an English sentence in which you begin a sentence with “in” and emphasize it. Get me a jury and show me how you can say “in July” and I’ll… go down on you. That’s just idiotic, if you’ll forgive me by saying so.
      That’s just stupid. “In July”?
      I’d love to know how you emphasize “in” in “in July”… Impossible! Meaningless!
      He isn’t thinking.
      Yeah.
      You didn’t say it. He said it.
      Your friend. “Every July”?
      No, you don’t really mean “every July”?
      But that’s–that’s bad copy. It’s in July. Of course it’s every July! There’s too much directing around here.

      • (Score: 4, Funny) by Gaaark on Tuesday April 18 2017, @08:30PM (1 child)

        by Gaaark (41) on Tuesday April 18 2017, @08:30PM (#496001) Journal

        Before the remote control tv, we had to change the channels WITH OUR TOES!!

        IN JUNE!!!

        But still she wanted me. She dripped coffee all over her table cloths (made of cotton and some twizzle sticks), which she cleaned up with her cat.

        And all this, in June.
        So there.
        Beat that, with a blade of grass held between your thumbs, so that when you blow into it, the grass makes a whoooiiiizzz sound.

        Let's see an AI troll make sense of this, in Disneyland.
        In August.
        I have a cunning plan.
        Hillary Clinton has a hairy bum, which Trump says is orange. (Barack vs Baldrick... why am i surprised by bananas).

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 2) by VLM on Tuesday April 18 2017, @09:21PM

          by VLM (445) Subscriber Badge on Tuesday April 18 2017, @09:21PM (#496023)

          I think Gaaark is trying to buffer overflow us so we end up blinking SOS like the article. Who knows might work. I can't believe Snow Crash was published in '92 and that's getting to be a long time ago. And yes, Snow Crash is on topic, although in the article I think they used a more modern exploit than ancient Sumerian.

      • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @09:15PM

        by Anonymous Coward on Tuesday April 18 2017, @09:15PM (#496018)

        in this article "in" was emphasized ! or ?

  • (Score: 2) by bob_super on Tuesday April 18 2017, @07:30PM (28 children)

    by bob_super (1357) on Tuesday April 18 2017, @07:30PM (#495979)

    I exclusively use remote-controlled light bulbs which can only be tampered with using a physical-access attack at the AC or switch layer.
    Some of them don't even require our pretty weak system key.

    Burn, IoT, burn! My microwave doesn't have a camera, so i'll keep having popcorn!

    • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @07:41PM

      by Anonymous Coward on Tuesday April 18 2017, @07:41PM (#495982)

      AC rush kekekekekeke

    • (Score: 2) by kazzie on Tuesday April 18 2017, @08:21PM (23 children)

      by kazzie (5309) Subscriber Badge on Tuesday April 18 2017, @08:21PM (#495997)

      Burn, IoT, burn! My microwave doesn't have a camera, so i'll keep having popcorn!

      Why do you need a microwave? Just wait for your neighbours' devices to start burning, and put a saucepan of corn kernels on top. (Add salt and butter to taste.)

      • (Score: 3, Interesting) by VLM on Tuesday April 18 2017, @08:57PM (22 children)

        by VLM (445) Subscriber Badge on Tuesday April 18 2017, @08:57PM (#496010)

        Speaking of burning devices I was mildly annoyed that my "high power" LED bulb in my garage door opener burnt out after about 2 years of use last week and I replaced it and I guess I'm out $10 which kinda sucks because originally LEDs were sold as "sure they cost 10 times as much as old bulbs but they gonna last 20 years so in the long run you'll save lots of money" well I guess they only last about two.

        The point of this rant is I was mildly pissed off about a $10 burned out light bulb but I see the Hue bulbs are $50 a piece so you can imagine the annoyance when someone gets powned and loses maybe $500 worth of bulbs due to lack of security.

        I mean, my PC gets powned, I can reinstall and lose no money other than labor. But as the IOT creeps into furnaces and air conditioners and ovens people are going to start losing thousands of dollars at a time, which will be fun to watch... pass the popcorn...

        • (Score: 2) by c0lo on Tuesday April 18 2017, @09:06PM (9 children)

          by c0lo (156) Subscriber Badge on Tuesday April 18 2017, @09:06PM (#496014) Journal

          "high power" LED bulb in my garage door opener burnt out after about 2 years of use

          Yes, the LED will last 20 years, provided it's properly cooled. Too bad the radiator the LED is mounted on (or the thermal contact grease) is planned to obsolesce in 1 year.

          Like a tent of "UV-oblivious" fabric, sewn with a thread that dissolves at the first rain.

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0
          • (Score: 2) by VLM on Tuesday April 18 2017, @09:18PM (8 children)

            by VLM (445) Subscriber Badge on Tuesday April 18 2017, @09:18PM (#496022)

            I think thermal shock killed it as we're nowhere near peak summer temps. Just one too many temp cycles. Which is what kills most old fashioned bulbs too...

            • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @10:11PM (7 children)

              by Anonymous Coward on Tuesday April 18 2017, @10:11PM (#496045)

              Not only the above, but all except the best quality LEDs flicker. Something to do with rectifiers and the AC to DC conversion. You'd probably know more about it than me; I'm not an EE type. Check youtube for slow-motion videos of LEDs flickering.

              I started buying CFLs the moment they became available, and I haven't looked back. I've been very satisfied. Somehow I've avoided all these CFLs that take minutes to warm up, must be by pure chance since I tend to buy whatever's cheapest with the color temperature and wattage I want.

              (Also helps not to think in terms of "ok, this is a 100W replacement"--it's a 21W or 23W or w/e bulb. It pulls 21W/23W/w/e. And I have never met a CFL that's as bright as the incandescent it's supposed to replace. If I want to replace a 75W incandescent, I get a 100W replacement CFL. Marketing FAIL, but that's why people who can do and people who can't go into marketing.)

              No experience with dimming bulbs here.

              • (Score: 2) by kaszz on Wednesday April 19 2017, @01:38AM

                by kaszz (4211) on Wednesday April 19 2017, @01:38AM (#496096) Journal

                The problem with watt equivalence is that everyone has their own conversion factors and those are based on very specific cases of technology. So it ends up being a big mess. What you need to look for is *lumens*.

                Adding to that comparison complication is the beam pattern and spectrum mismatching.

              • (Score: 1) by Scruffy Beard 2 on Wednesday April 19 2017, @01:39AM

                by Scruffy Beard 2 (6030) on Wednesday April 19 2017, @01:39AM (#496097)

                CFLs die if you put them in an enclosed fixture: even if that fixture came included at the factory to hide that it was a CFL bulb.

                LED circuitry has essentially the same temperature target (~40C). Enclosed fixtures are merely designed to keep the temperature below about 105 or 125C.

                Even though the new lights use less power, the fixture is not able to cool as well at lower temperatures [wikipedia.org] (radiation is proportional to absolute temperature raised to the 4th power).

              • (Score: 0) by Anonymous Coward on Wednesday April 19 2017, @10:00AM

                by Anonymous Coward on Wednesday April 19 2017, @10:00AM (#496220)

                I can't stand flicker, thankfully not all LED bulbs do that. Even cheap ones can be okay, I bought some decent 1000+ lumen ones for 6,90€ the other day, but you can also pay >20€ a pop and still get flickering pieces of shit for your money. If they are on display and you can't tell if they flicker or not because of ambient lighting, you can use a phone camera to check. The rolling shutter effect will cause moving bright and dark stripes to show up as long as the exposure time is sufficiently short relative to the frequency of the flicker.

                BTW incandescents and particularly halogen bulbs flicker too. Good CFLs and LEDs are much better.

              • (Score: 1) by WillR on Wednesday April 19 2017, @03:38PM (3 children)

                by WillR (2012) on Wednesday April 19 2017, @03:38PM (#496361)

                Check youtube for slow-motion videos of LEDs flickering.

                Or lawfully acquire (*cough*) any episode of Top Gear from about the last 5 years. All the high end cars they test drive have LED running lights, and most of them flicker quite clearly in the "sexy super slow-mo" shots.

                • (Score: 2) by kazzie on Thursday April 20 2017, @05:53AM (2 children)

                  by kazzie (5309) Subscriber Badge on Thursday April 20 2017, @05:53AM (#496709)

                  I've seen such flashing LEDs on Top Gear, but why are they flashing? Car electrics run off a DC battery, so they don't need a built-in rectifier.
                  (Surely it's not caused by the rectified output of the alternator, I'd expect the battery to smooth out that ripple.)

                  • (Score: 2, Insightful) by WillR on Thursday April 20 2017, @04:08PM (1 child)

                    by WillR (2012) on Thursday April 20 2017, @04:08PM (#496907)

                    The only thing I can think of is they must be driving the LEDs with PWM instead of constant-current DC. Why? I have no idea...
                    • (Score: 2) by kazzie on Thursday April 20 2017, @05:26PM

                      by kazzie (5309) Subscriber Badge on Thursday April 20 2017, @05:26PM (#496946)

                      I think you've got it there. Here's a datasheet [ti.com] for a PWM-based driver for automotive daytime running lights and an aftermarket unit for sale online [amazon.co.uk].

                      It seems that the lights are dimmable for low intensity during the day, and full power at night.

        • (Score: 2) by bob_super on Tuesday April 18 2017, @09:36PM (10 children)

          by bob_super (1357) on Tuesday April 18 2017, @09:36PM (#496032)

          Yep, you can blink the LED components at tens of kiloHertz for decades, but the power supply in consumer-grade bulbs has an MTBF of a year or two...

          I have two cheap LED bulbs in two bedrooms, and turning them both on causes them to flicker. Great job covering EMC/EMI, Mr cheap Chinese manufacturer who gets to stamp UL/CE on it anyway...

          • (Score: 1) by nitehawk214 on Tuesday April 18 2017, @11:07PM (9 children)

            by nitehawk214 (1304) on Tuesday April 18 2017, @11:07PM (#496061)

            I wonder if DC home power distribution for a lights circuit would help?

            --
            "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
            • (Score: 2) by kaszz on Wednesday April 19 2017, @01:41AM (8 children)

              by kaszz (4211) on Wednesday April 19 2017, @01:41AM (#496099) Journal

              I would say the problem is power converters that don't use frequencies in the kHz range but instead do cheap tricks using the mains frequency.

              Local DC power can eliminate the legal requirement for an electrician in some cases, reduce the overall power losses in conversion and reduce electromagnetic interference. If one wants to have backup power it makes things easier for sure.

              • (Score: 1) by nitehawk214 on Wednesday April 19 2017, @04:21PM (7 children)

                by nitehawk214 (1304) on Wednesday April 19 2017, @04:21PM (#496391)

                It could also eliminate flicker in LED lighting. I have a few LED bulbs at home, but most of them are nearly worthless because they interfere with one another. And are much worse when on a dimmer circuit.

                --
                "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
                • (Score: 2) by kaszz on Thursday April 20 2017, @01:30AM (6 children)

                  by kaszz (4211) on Thursday April 20 2017, @01:30AM (#496646) Journal

                  What kind of interference? If they output any 50-60 Hz spectrum in the optical output they are in my opinion not suitable as a regular light source.

                  And dimming of fluorescent mini tubes or LED is done completely wrong. The (poor) solution that worked for incandescent lamps. There needs to be a separation of power and signal. It's time to do it properly, and wireless is just another bad solution.

                  • (Score: 1) by nitehawk214 on Tuesday April 25 2017, @08:32PM (1 child)

                    by nitehawk214 (1304) on Tuesday April 25 2017, @08:32PM (#499546)

                    I agree that any flicker at all is unacceptable and wireless solutions are crap. I am not sure if it is 60hz or not, I just know that they are fine when alone on a 120v circuit and go completely to crap if there is more than one.

                    I really kind of hate 120v LED lights though. I have thought about just installing a DC light circuit in my bathroom with a single LED driver for the entire room.

                    --
                    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
                    • (Score: 2) by kaszz on Wednesday April 26 2017, @01:19AM

                      by kaszz (4211) on Wednesday April 26 2017, @01:19AM (#499745) Journal

                      Just use a solar cell or a correctly biased light sensor diode connected to an A/D or oscilloscope to measure flicker. Of course verify that it actually can handle up to 100 kHz.

                  • (Score: 1) by nitehawk214 on Tuesday April 25 2017, @08:44PM (3 children)

                    by nitehawk214 (1304) on Tuesday April 25 2017, @08:44PM (#499563)

                    I watch a lot of BigCliveDotCom videos and he does a lot of teardowns of cheap LED lamps. I have a good idea of how terrible some of the AC-DC converters in these things are.

                    --
                    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
                    • (Score: 2) by kaszz on Wednesday April 26 2017, @01:21AM (2 children)

                      by kaszz (4211) on Wednesday April 26 2017, @01:21AM (#499747) Journal

                      What are the bad things discovered?

                      • (Score: 1) by nitehawk214 on Tuesday May 02 2017, @09:07PM (1 child)

                        by nitehawk214 (1304) on Tuesday May 02 2017, @09:07PM (#503156)

                        Aside from the things that catch on fire, cheap capacitive droppers. And don't trust anything you buy on ebay that contains a battery.

                        --
                        "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
                        • (Score: 2) by kaszz on Wednesday May 03 2017, @12:15AM

                          by kaszz (4211) on Wednesday May 03 2017, @12:15AM (#503326) Journal

                          Why is battery driven stuff so bad?

                          Seems the stuff to really avoid is anything that needs security, like mains driven devices.

        • (Score: 2) by kaszz on Wednesday April 19 2017, @01:50AM

          by kaszz (4211) on Wednesday April 19 2017, @01:50AM (#496103) Journal

          The main problem with LED lamps afaik is heat and unclean power. The main component that is prone to bad design is the power converter which usually lacks good cooling. Just opening the lamp and separating the converter and LED onto some wide conducting plate together with thermal grease would help a lot. The LED component of course also needs cooling but usually it's good enough in many cases. As always make absolutely sure that the mains power has no path to any touchable parts.

          The unclean power can be handled with components that cut out fast transients like MOV and zener diodes. Powering the lamps from a beefy power supply to a local DC power network can also dampen transients through all the energy storage and impedance the converters and wires make up.

          One simple trick can actually be to drill small holes into the bulb!

    • (Score: 2) by kaszz on Wednesday April 19 2017, @01:52AM (2 children)

      by kaszz (4211) on Wednesday April 19 2017, @01:52AM (#496104) Journal

      Your lamps are controlled via high frequencies mixed into the power wires?

      That can allow your neighbors or any outdoor attacker to exploit electrical outdoor poles.

      • (Score: 2) by bob_super on Wednesday April 19 2017, @02:14AM (1 child)

        by bob_super (1357) on Wednesday April 19 2017, @02:14AM (#496111)

        60Hz isn't very high.
        And yes, someone tinkering with the buried transformer can definitely disable my lighting.

        • (Score: 2) by kaszz on Wednesday April 19 2017, @02:43AM

          by kaszz (4211) on Wednesday April 19 2017, @02:43AM (#496115) Journal

          Think outside wires in the air on poles. And inductive or aerial coupling.. beep beep lights out.

  • (Score: -1, Offtopic) by Anonymous Coward on Tuesday April 18 2017, @09:23PM

    by Anonymous Coward on Tuesday April 18 2017, @09:23PM (#496024)

    this is an old article.
    the factory can make "faulty" lightbulbs faster than you can hide your very obvious smirk from the violated neighborhood. meaning, people don't care if you can hack their very convenient lightbulb, because the argument at your trial will be: how does this make YOUR life better and, second, why didn't you lazy fuck make it produced better .. in amerika? crazy 20 life ending years in prison for you, lol.

  • (Score: 2) by kaszz on Wednesday April 19 2017, @01:55AM

    by kaszz (4211) on Wednesday April 19 2017, @01:55AM (#496106) Journal

    Once all these unsecured IoT things are out in the public together with communication that is independent of internet. They are just like dry grass waiting for someone to light it.
