Is a smart light bulb the key in the hands of a hacker?
I threw the smart light bulb in the trash and then was surprised that all my personal data was in the public domain. Tempting, isn't it? But this is quite real and can happen to every connoisseur of new technologies.
What is special about a smart light bulb?
This term is usually used to describe all light bulbs that are capable of at least some “independent” actions. Such “independence” is achieved with the help of control systems, including receivers, microcontrollers and sensors.
With sensors, everything is simple and even very safe - the light bulb can respond to noise, light levels, infrared radiation or even movement. The entire “intelligence” of the simplest control systems is focused on turning on the light at the right moment, and the signals received from the sensors simply indicate that this moment has arrived.
But such simplicity is slowly becoming a thing of the past. And it is being replaced by programmable light bulbs that can turn on according to a schedule, shoot video or record sound, change the intensity of the glow or even its color scheme.
Nice bonuses, right? Especially when you consider that to control all this variety of functions, you just need to download the application to your smartphone or laptop, and then unlock the full potential of smart light bulbs using an intuitive interface.
But this is where the fun begins: the light bulb can be controlled via Bluetooth or Wi-Fi. The first option is attractive for its security, but it is slowly becoming obsolete due to its modest range and limited capabilities.
Connecting to a Wi-Fi wireless network, by contrast, removes all restrictions, allowing manufacturers to constantly expand the range of capabilities of smart light bulbs. But these same manufacturers rarely bother with security (apparently due to the desire to reduce the cost of their products). What does this mean?
Hacking experiment
In 2018, representatives of the Limited Results website clearly demonstrated the capabilities of a device that ended up in the hands of hackers. These guys, without further ado, purchased a LIFX light bulb, connected it to Wi-Fi, configured it, turned it off and disassembled it.
Having reached the board, the specialists connected it to the interface converter and began to study it. The test result was “pleasant”: the access data for the wireless network was stored in the clear, in no way protected from outside interference. The same applies to the root certificate and the RSA private key.
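A check that an owner or vendor can run against a flash dump of their own device, to see whether the provisioned Wi-Fi credentials or a private key sit in the clear as the test above found. This is an added example, not code from Limited Results or any manufacturer; the flash image, SSID, passphrase and function names are constructed for illustration.

```python
import re

# PEM headers that mark private key material stored as plain text.
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")


def find_cleartext_secrets(image: bytes, known_secrets: dict) -> list:
    """Return sorted (label, offset) pairs for secrets found unprotected.

    known_secrets maps a label to a value the owner already knows, such as
    the home SSID and Wi-Fi passphrase that were provisioned on the device.
    """
    findings = []
    for label, value in known_secrets.items():
        if not value:
            continue  # an empty needle would match at every offset
        # Check the text encodings a firmware is likely to use for storage.
        for encoding in ("utf-8", "utf-16-le"):
            needle = value.encode(encoding)
            start = image.find(needle)
            while start != -1:
                findings.append((f"{label} ({encoding})", start))
                start = image.find(needle, start + 1)
    for match in PEM_PRIVATE_KEY.finditer(image):
        findings.append(("PEM private key header", match.start()))
    return sorted(findings, key=lambda item: item[1])


def build_sample_image() -> bytes:
    """Constructed flash image: erased padding, a config record, a PEM header."""
    image = bytearray(b"\xff" * 4096)
    records = {
        0x100: b"ssid=HomeAP",
        0x120: b"psk=correct-horse-42",
        0x800: b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n",
    }
    for offset, record in records.items():
        image[offset:offset + len(record)] = record
    return bytes(image)


if __name__ == "__main__":
    secrets = {"ssid": "HomeAP", "passphrase": "correct-horse-42"}
    for label, offset in find_cleartext_secrets(build_sample_image(), secrets):
        print(f"0x{offset:04x}  {label}")
```

An empty result only means these particular values were not stored as plain text in the scanned image; it does not show that the device protects them well.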
Interestingly, this was just another test demonstrating the ability to perform the trick with light bulbs from all manufacturers. Representatives of the above-mentioned site also checked the Tuya product in the same way.
Other specialists picked up the idea, starting to massively test products from various manufacturers. And the results of their research were no different: a used light bulb always makes it possible to connect to the home network of its former owners. What could this lead to?
From small pranks to collapse
An attacker who gains access to a home wireless network has the ability to control all devices connected to it. And it’s good if among them there are only a few smart light bulbs: you can simply unscrew them, upset by the constant winking caused by the ill-wisher. Well, what if cameras, electronic locks, security alarms and other “representatives” of a smart home are connected to the same network?
That's right: breaking into an apartment, recording a compromising video, and similar “pranks” can seriously damage the financial and mental well-being of the former owners of a smart light bulb.
Well, what happens if we continue the logical experiment, taking into account the fairly common habit of using the same password everywhere, from social network accounts to bank accounts? The prospects are bleak, since the hypothetical attacker already has the password to access all these pages.
But does this mean that only those who have not bothered with the variety and complexity of passwords should be afraid of connecting to their home network? Not at all. You should also not rely on the fact that the comparative “poverty” of the person who threw away the smart light bulb will serve as a conditional protection from hackers.
Being “poor as a church mouse” will help only if the attacker is looking for an easy way to make money. But if he is looking for a way to protect himself while planning large-scale illegal actions, he will not care in the least about your well-being. He will simply connect to your network and do his job (hack the banking system, send out extremist materials, or do some other nasty thing that pleases him).
And the services investigating the crime will first contact the person through whose network the illegal act was committed. Then try proving that you had nothing to do with it. Even if the investigation moves forward, a lot of time will pass until the experts prove your innocence.
How to protect yourself
It is important to understand that the above information is not a call to abandon smart light bulbs - progress is moving forward and it would be stupid to deprive yourself of its benefits. Especially considering that such security problems are a common feature of most devices that interact with a Wi-Fi wireless network.
The purpose of this article is only a warning: there may be trouble. To prevent it, it’s enough to take the definition of “junk” a little more seriously and make the discarded electronics worthless in the eyes of criminals. How? Very simply - finish off the smart light bulb with a hammer, destroying the circuit board, and only then throw it in the trash.