#CyberFLASH: Researchers hack Philips Hue lights via a drone; IoT worm could cause city blackout

philips-hue-100692511-large

Every once in a while, you read about an attack which has the potential for especially concerning consequences. Since reading about an IoT worm that could unleash all sorts of chaos, it’s come to mind again and again. Then it hit the radar of cryptographer and security pro Bruce Schneier. He wrote, “This is exactly the sort of Internet-of-Things attack that has me worried.”

Researchers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada didn’t just theorize about the possibility of an IoT worm; using a few hundred dollars of readily available equipment, they created a proof of concept attack to exploit Philips Hue smart light bulbs.

Researchers have been taking aim at both ZigBee and Z-Wave wireless protocols for years. Hue light bulbs communication via the ZigBee protocol. Any new firmware is delivered via Over The Air (OTA) updates. In the researchers’ attack, the worm replaces the firmware.

In the paper, “IoT Goes Nuclear: Creating a ZigBee Chain Reaction” (pdf), researchers “describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.