At a time when hackers around the world are coming up with new ways to get control of electronic devices, a new study has found that they can hack on internet systems by entering the network through internet-of-things (IoT) based smart lightbulbs.
Researchers of Israel-based Check Point Institute for Information Security (CPIIS) revealed that these smart lightbulbs can be used by hackers to enter the IoT network and then can collect data from internet networks in homes, businesses, or even smart cities.
For this study, the researchers conducted experiments on the Philips Hue range of smart lightbulbs and found CVE-2020-6007 vulnerabilities that enabled hackers to infiltrate networks using either the WiFi network or ZigBee, a low-power wireless protocol used by IoT devices.
After infiltrating the network, the researchers were able to take control of the smart lightbulb. Moreover, they even tried to install malicious firmware and eventually were successful in doing so, thanks to the poor security algorithms of such devices. This firmware was further able to take control of the network ecosystem in which the device was associated with.
How IoT Devices Can Be Hacked
Initially, the hackers get access to control the colour or brightness of the bulb which makes a user think that the bulb is having some glitch. After that, they limit the user’s access to the smart lightbulbs, post which a user is left with no option but to reinstall the mobile application used to control these devices.
During this time period, the hacker installs the firmware in the smart bulb. Once a user reconnects his application to the device, the firmware then attacks the smartphone and enters the wider network ecosystem by infiltrating the IP network present in that home or business.
Yaniv Balmas, head of Cyber Research at Check Point Research told FutureIoT that while it is known that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks or plant malware.
In response to this vulnerability exposure, head of technology at Philips Hue George Yianni said that the Check Point discovery has allowed the company to develop and deploy the necessary patches to avoid any consumers being put at risk. “Furthermore, there are other perks to having automatic updates switched on. This includes ensuring you do not miss out on quality, security or performance improvements, as well as guaranteeing that your Hue System stays compatible with new Hue products,” Balmas was quoted as saying.
In 2019, a Trends Micro report which analysed dark web forums in five languages including Russian, Portuguese, English, Arabic, and Spanish found that manipulation of IoT devices makes for a major part of the dark web discussions.
The report noted that cybercriminals have a definite and diverse interest in IoT-related opportunities. Amidst these multiple requests, most requested hacking methods were for routers, webcams, and printers.