‘Chain reaction’: Smart appliances vulnerable to remote hacking (VIDEO)

‘Chain reaction’: Smart appliances vulnerable to remote hacking (VIDEO)

International researchers have demonstrated how simple it is to hack into internet-connected appliances, often called the ‘Internet of Things.’ As connected devices proliferate around the world, so does the risk of hacking attacks and disruptions.

Last month’s massive distributed denial-of-service (DDOS) attack crashed or slowed down scores of major internet providers and services across the US. No information was compromised, but the disruption affected popular services such as Twitter and Spotify. The hacking group that claimed responsibility says it was a demonstration of vulnerability.

A new paper from cyber-security researchers at Israel’s Weizmann Institute of Science and Canada’s Dalhousie University shows that malicious hackers could cause a “nuclear chain reaction” by hacking into ‘smart’ lightbulbs or other popular IoT household devices.

“The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack,” wrote Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten in the paper, titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction.

The researchers exploited a flaw in the ZigBee wireless communication protocol to suborn Philips Hue lightbulbs. The protocol is also used by Nest thermostats and Logitech Harmony Ultimate home-control hubs, among other devices.

Using a flaw in Philips’ encryption to force a firmware update, the researchers delivered their worm to the lightbulbs and made them do their bidding.

“We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product,” the researchers wrote.

The first demonstration involved the researchers remotely activating lights inside a building, from a passing car some 70 meters (76 yards) away.

This was followed by a more ambitious hack, using a drone against a building hosting numerous security companies from a distance of 350 meters (380 yards).

The researchers noted several possible malicious applications of the hack, from ‘bricking’ the IoT devices and rendering them permanently disabled, to jamming the wireless networks across cities using test protocols to overwhelm the 2.4 GHz frequency commonly used by WiFi devices. Another possibility would be for hacked ‘smart lights’ in a city to simultaneously turn on and off multiple times, placing a strain on the electrical grid – or causing epileptic seizures among the vulnerable.



Add Comment

all comments

  Other news

more
Burning boats

Burning boats..

26-Jul, 23:41

Outside Libyan waters, it has deployed military vessels to disrupt the...

Man arrested after live cobras found inside potato chip cans

Man arrested after live cobras found inside potato chip cans..

26-Jul, 15:20

A California man was arrested after a package addressed to him was found...

California independence 1 step closer as AG paves way for potential 2018 ‘referendum’

California independence 1 step closer as AG paves way for potential 2018 ‘referendum’..

26-Jul, 07:10

A new California independence campaign has got the go ahead to collect...

Ohio puts child killer to death with controversial lethal injection drug

Ohio puts child killer to death with controversial lethal injection drug..

26-Jul, 16:30

Ohio carried out its first execution in more than three years as child...

Trump's 'deportation force' begins to take shape

Trump's 'deportation force' begins to take shape..

14-Apr, 12:48

President Trump's campaign promise for more aggressive immigration...

New EPA head's emails indicate close ties to oil and gas producers

New EPA head's emails indicate close ties to oil and gas producers..

22-Feb, 18:02

More than 7,000 pages of emails from Environmental Protection Agency head...

Prince William, Princess Kate face off in rowing competition

Prince William, Princess Kate face off in rowing competition..

20-Jul, 16:11

Prince William won bragging rights today in Heidelberg, Germany, as his...

Stabbed London Bridge officer tells of fighting attackers

Stabbed London Bridge officer tells of fighting attackers..

28-Jun, 17:24

A British Transport Police officer who fought off three extremists in...