Researchers Discover Severe Security Flaws in Smart Light Bulbs
- Security researchers found a way to exfiltrate user data from a home network by abusing infrared light on smart bulbs.
- In the same way, they could also interact with other IoT devices that are in the range of the bulb.
- These products are very widely used nowadays, introducing a new attack surface for many people out there.
A team of researchers from the University of Texas at San Antonio (UTSA) has published a new study that revealed serious security flaws in smart light bulbs. This category of products gets more and more popular, with the Christmas holiday season being a time when their sales usually peak. According to the report, smart bulbs from reputable manufacturers come with infrared capabilities that can be abused by a hacker who knows how to do it. Users most probably don't even know that their smart bulbs can send messages through the invisible wave spectrum, so they are unlikely to realize anything in the case that they are victimized.
Many smart bulbs connect to a home network and communicate with other devices that are connected to that same network. This is done for control and setting purposes, as well as to support the “Smart” aspect of their functionality. Bluetooth, WiFi, using a central smart home hub or not, there are many different versions out there, and numerous ways to compromise each and every one of them. In the case of the infrared IoTs, hackers could send commands via infrared light that is emanated from the compromised bulbs and targeting other devices on the home network.
Among the various types of smart light bulbs that one can choose from, those that can emit infrared light are witnessing a sudden rise in their popularity, after people realized that this type of illumination can help security cameras during the nighttime greatly. Besides specialized use case scenarios, consumers just love the convenience of being able to change light color and intensity right from your smartphone app, so these products have grown to become very common in modern homes.
As the researchers point out, these products, unfortunately, act as a new attack surface for their users, and while these attacks are considered novel right now, they won’t continue to fall into the highly-sophisticated category for much longer. Two of the proof of concept examples showed that they could infer with smart speakers and video playback IoTs in the home of a smart bulb owner. The third example was the most severe, establishing a covert channel of exfiltration of the users’ private data. All that said, the threat is real, and the baton is now in the hands of the smart IoT manufacturers who are called to introduce additional protection measures.
Do you own a smart lightbulb? Have you noticed anything weird that you can share with us? Feel free to do so in the comments section down below, or on our socials, on Facebook and Twitter.