Criminals can “black out” homes using cyber attacks - switching out the lights and preventing users turning them back on, a researcher has warned.
The terrifying attack is possible due to a vulnerability in Philips “Hue” lighting systems, a popular gadget on sale in the Apple store.
Attackers could access the networked lights via Wi-Fi, then create what researcher Nitesh Dhajani describes as a “perpetual blackout”.
“If the victim manually switches the bulbs off and on, the lights will flicker on for less than half a second and then go off again,” Dhajani warns.
The hack is the latest in a series of demonstrations which show off how vulnerable “Smart” devices can be - with researchers recently showing off hacks which could overwhelm wireless door locks, of which there are more than 100,000 in the UK.
Another demonstration of a hack against Samsung televisions which allowed attackers to “look through” the webcam prompted calls from a U.S. Senator, Charles E Schumer, for increased protection.
“You expect to watch TV, but you don’t want the TV watching you,” Schumer said. “Many of these smart televisions are vulnerable to hackers who can spy on you while you’re watching tv in your living room.”
The Hue wireless system - on sale in Apple store - controls wireless LED light bulbs in the home via a wireless bridge, and can be controlled by iOS and Android apps.
But researcher Nitesh Dhanjani warns that attackers could “black out” all the Hue lights from nearby (any nearby location within reach of the same Wi-Fi network) by using malware to capture a security token that allows control of the system.
Dhanjani says that attackers could even control the system via the Hue website.
“By 2022, the average household with two teenage children will own roughly 50 such Internet connected devices, according to estimates by the Organization for Economic Co-Operation and Development,” Dhanjani says.
“Our society is starting to increasingly depend upon such devices to promote automation and increase our well being. As such, it is important that we begin a dialogue on how we can securely enable the upcoming technology.”
“Lighting is critical to physical security. Smart lightbulb systems are likely to be deployed in current and new residential and corporate constructions. An abuse case such as the ability of an intruder to remotely shut off lighting in locations such as hospitals and other public venues can result in serious consequences,” Dhanjani writes.