In an age where the battle between hackers and security companies keeps reaching new heights of extremity as each one attempts to match or stay ahead of developments in the other, there could be one industry which whilst an irritancy if affected, is almost so trivial when compared to other things that the mindset could range from ‘low-priority’ to ‘let them have this one’, if anyone actually bothered to try and breach the security in question.
That ‘potential new target’ for hackers, according to security researcher Nitesh Dhanjani, is Dutch company Philips’ new LED lightbulb brand ‘hue’, which he claims is ‘vulnerable to hacker intrusion’ and the end result being that users of the product (whether home or office) could end up sitting in a blackout.
This is due to the lightbulbs being controlled by an app, utilising an ‘authentication system’ that would be the main source of concern or access, depending on which side of the hack you are on. The method used would apparently be the criminals obtaining the lightbulb’s ‘MAC address’ via malware software, a combination which combined would allow them to control the lightbulb, primarily through switching it off and on.
There is of course no danger to any light owner’s digital files through this approach, and would merely have the parts of the effect of a powercut (and the ‘physical security’ homes face in such a situation), an issue which becomes further diminished with the fact that the Philips hue brand currently has limited presence and no ‘mainstream circulation’ worldwide, though it could grow into a wider problem in the future if more companies sell app-controlled lighting fixtures.
Dhanjani said of the results of his study: “…Lighting is critical to physical security. Smart lightbulb systems are likely to be deployed in current and new residential and corporate constructions. An abuse case such as the ability of an intruder to remotely shut off lighting in locations such as hospitals and other public venues can result in serious consequences.”
For something that appears to be the potential domain of a petty criminal, a ‘trainee’ in the field of malware usage, or a genius who could make the best possible use of any situation (a burglary perhaps suitable application for remotely killing the lights), will controlling lighting have any sort of impact on the security industry as a whole. No ‘how many’ jokes at the end of this lightbulb post, just one video explaining the bizarre potential security risk, and another to show a potential solution to that problem should you ever encounter it: