SoylentNews is people

posted by martyb on Tuesday April 18 2017, @05:21PM
from the a-dark-day-in-tech dept.

Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key (for each device type) that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.

A PDF of the paper is available here.


This discussion has been archived. No new comments can be posted.
  • (Score: 1) by nitehawk214 on Wednesday April 19 2017, @04:21PM (7 children)

    by nitehawk214 (1304) on Wednesday April 19 2017, @04:21PM (#496391)

    It could also eliminate flicker in LED lighting. I have a few LED bulbs at home, but most of them are nearly worthless because they interfere with one another. And are much worse when on a dimmer circuit.

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
  • (Score: 2) by kaszz on Thursday April 20 2017, @01:30AM (6 children)

    by kaszz (4211) on Thursday April 20 2017, @01:30AM (#496646) Journal

    What kind of interference? If they output any 50-60 Hz spectrum in the optical output they are in my opinion not suitable as a regular light source.

    And dimming of fluorescent mini tubes or LED is done completely wrong. The (poor) solution that worked for incandescent lamps. There needs to be a separation of power and signal. It's time to do it properly, and wireless is just another bad solution.

    • (Score: 1) by nitehawk214 on Tuesday April 25 2017, @08:32PM (1 child)

      by nitehawk214 (1304) on Tuesday April 25 2017, @08:32PM (#499546)

      I agree that any flicker at all is unacceptable and wireless solutions are crap. I am not sure if it is 60hz or not, I just know that they are fine when alone on a 120v circuit and go completely to crap if there is more than one.

      I really kind of hate 120v LED lights though. I have thought about just installing a DC light circuit in my bathroom with a single LED driver for the entire room.

      --
      "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
      • (Score: 2) by kaszz on Wednesday April 26 2017, @01:19AM

        by kaszz (4211) on Wednesday April 26 2017, @01:19AM (#499745) Journal

        Just use a solar cell or a correctly biased light sensor diode connected to an A/D or oscilloscope to measure flicker. Of course verify that it actually can handle up to 100 kHz.

    • (Score: 1) by nitehawk214 on Tuesday April 25 2017, @08:44PM (3 children)

      by nitehawk214 (1304) on Tuesday April 25 2017, @08:44PM (#499563)

      I watch a lot of BigCliveDotCom videos and he does a lot of teardowns of cheap LED lamps. I have a good idea of how terrible some of the AC-DC converters in these things are.

      --
      "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
      • (Score: 2) by kaszz on Wednesday April 26 2017, @01:21AM (2 children)

        by kaszz (4211) on Wednesday April 26 2017, @01:21AM (#499747) Journal

        What are the bad things discovered?

        • (Score: 1) by nitehawk214 on Tuesday May 02 2017, @09:07PM (1 child)

          by nitehawk214 (1304) on Tuesday May 02 2017, @09:07PM (#503156)

          Aside from the things that catch on fire, cheap capacitive droppers. And don't trust anything you buy on eBay that contains a battery.

          --
          "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
          • (Score: 2) by kaszz on Wednesday May 03 2017, @12:15AM

            by kaszz (4211) on Wednesday May 03 2017, @12:15AM (#503326) Journal

            Why is battery driven stuff so bad?

            Seems the stuff to really avoid is anything that needs security, like mains driven devices.