Philips Hue and Lifx smart bulbs could be easily hacked
A team of digital forensics specialists from the University of Texas released a report detailing a method used by threat actors to hack smart bulbs and extract information from the smart home environment where these devices are connected, including images and videos from security cameras and other devices, such as smartphones or laptops.
The attack is considerably serious, as the
commands needed to execute it are entered using the WiFi networks of a smart
home, so victims will find no signs of abnormal activity.
According to digital forensics experts, a smart
bulb allows the user to modify the light intensity, change the color or set a
turn off time using a mobile app or other devices with an Internet connection.
Among the devices analyzed by the experts are Philips Hue, Ikea’s Trådfri, and
Lifx’s smart bulbs.
Most smart bulbs feature infrared technology to fulfill some of their functions. According to this report, a hacker could abuse this feature to extract information from devices connected to the same network as the smart bulb, creating a “secret communication channel” between the targeted bulb and infrared signal detection equipment controlled by the hacker.
Experts add that extracting information
requires remote installation of a malware variant on the victim’s smartphone or
computer; thanks to this, the hacker will be able to access sensitive data that
would be encoded and subsequently transmitted via the secret infrared channel
mentioned above.
To make the situation a little worse, many of
these devices do not request authorization of any kind to be controlled, so any
such mobile application can communicate with any smart bulb, experts add.
International Institute of Cyber Security
(IICS) digital forensics specialists claim that most users ignore that their
smart bulbs feature infrared capabilities, as well as ignore the fact that any
user with the sufficient knowledge can take control of this invisible spectrum.
Virtually any file stored on the target user’s devices is exposed, so experts
strongly ask manufacturer companies to establish better security measures for
this kind of devices.
Gloss