‘Chain reaction’: Smart appliances vulnerable to remote hacking (VIDEO)

‘Chain reaction’: Smart appliances vulnerable to remote hacking (VIDEO)

International researchers have demonstrated how simple it is to hack into internet-connected appliances, often called the ‘Internet of Things.’ As connected devices proliferate around the world, so does the risk of hacking attacks and disruptions.

Last month’s massive distributed denial-of-service (DDOS) attack crashed or slowed down scores of major internet providers and services across the US. No information was compromised, but the disruption affected popular services such as Twitter and Spotify. The hacking group that claimed responsibility says it was a demonstration of vulnerability.

A new paper from cyber-security researchers at Israel’s Weizmann Institute of Science and Canada’s Dalhousie University shows that malicious hackers could cause a “nuclear chain reaction” by hacking into ‘smart’ lightbulbs or other popular IoT household devices.

“The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack,” wrote Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten in the paper, titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction.

The researchers exploited a flaw in the ZigBee wireless communication protocol to suborn Philips Hue lightbulbs. The protocol is also used by Nest thermostats and Logitech Harmony Ultimate home-control hubs, among other devices.

Using a flaw in Philips’ encryption to force a firmware update, the researchers delivered their worm to the lightbulbs and made them do their bidding.

“We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product,” the researchers wrote.

The first demonstration involved the researchers remotely activating lights inside a building, from a passing car some 70 meters (76 yards) away.

This was followed by a more ambitious hack, using a drone against a building hosting numerous security companies from a distance of 350 meters (380 yards).

The researchers noted several possible malicious applications of the hack, from ‘bricking’ the IoT devices and rendering them permanently disabled, to jamming the wireless networks across cities using test protocols to overwhelm the 2.4 GHz frequency commonly used by WiFi devices. Another possibility would be for hacked ‘smart lights’ in a city to simultaneously turn on and off multiple times, placing a strain on the electrical grid – or causing epileptic seizures among the vulnerable.



Add Comment

all comments

  Other news

more
Carmarthenshire mum-to-be gets armed escort to hospital

Carmarthenshire mum-to-be gets armed escort to hospital..

29-May, 12:00

Armed officers who spotted a speeding car in west Wales discovered a...

US lawmakers seek to reverse Trump’s $110bn arms deal with Saudi Arabia

US lawmakers seek to reverse Trump’s $110bn arms deal with Saudi Arabia..

29-May, 07:48

Top Republicans and Democrats in Congress have called for the...

Emmerdale's Lucy Pargeter introduces twin baby daughters Missy Mabel and Betsey Maggie and reveals terrifying moment at birth when babies 'weren't breathing'

Emmerdale's Lucy Pargeter introduces twin baby daughters Missy Mabel and Betsey Maggie and..

29-May, 11:24

In an exclusive shoot and interview with OK! Magazine, Lucy Pargeter...

Improving wheat yields by increasing grain size, weight

Improving wheat yields by increasing grain size, weight..

29-May, 11:48

Larger, heavier wheat kernels -- that's how associate professor Wanlong...

Former Hillary Clinton aide writing memoir

Former Hillary Clinton aide writing memoir..

19-Apr, 18:16

A former Hillary Clinton aide and speechwriter is writing a book about...

Marathon Oil and Community Health skid; MoneyGram soars

Marathon Oil and Community Health skid; MoneyGram soars..

14-Mar, 17:18

Stocks that moved substantially or traded heavily on Tuesday: MoneyGram...

Seoul: North Korea fires ballistic missile off east coast

Seoul: North Korea fires ballistic missile off east coast..

04-Apr, 19:24

South Korea says North Korea has fired a ballistic missile into the...

O'Reilly apologizes for jest about Maxine Waters' hair

O'Reilly apologizes for jest about Maxine Waters' hair..

29-Mar, 09:40

Fox News personality Bill O'Reilly apologized Tuesday for saying he had a...