In Brief
  • Researchers have discovered some glaring weaknesses in some of our IoT devices that allow for worms to creep in and wreak havoc.
  • White hat hackers allow companies to fix these loopholes before people with more dastardly intentions find them.

An Old Enemy

When we talk about computer attacks, we think about the DDoS attacks that cripple websites every now and then, shutting them down and placing people’s personal info at risk.

But an old enemy familiar to longtime computer users is now threatening the so-called Internet of Things (IoT). A new report warns that IoT devices may be at risk from computer worms, which could allow hackers to infect thousands of devices from a single attack.

The researchers, from the Weizmann Institute of Science in Israel and Dalhousie University in Nova Scotia, Canada, detail flaws in the ZigBee radio protocol that allow malware to get inside particular IoT devices and springboard from them to other devices, even those outside the network.

The report focuses on the Philips Hue lightbulbs, and includes videos of actual demonstrations of taking control of these devices. One video shows a drone using a USB stick to flicker an SOS message in Morse code. The other video accomplishes the same, using a car driving 70 meters (230 ft) away.

But the researchers warned against bigger and badder attacks that exploit the same vulnerabilities. “The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes,” says the report.

A Virtual Plague

The researchers gave Philips time to fix the holes in security before publishing the report. “We have assessed the security impact as low given that specialist hardware, unpublished software and close proximity to Philips Hue lights are required to perform a theoretical attack,” Philips told Mashable.

But given that devices like the Hue light bulb, the Echo Dot, and other “smart home” devices are becoming more common, it’s a shame that nefarious people would seek to disrupt the ubiquity of the IoT. Ultimately, it will take consumer demand for better security to make our devices more secure.