Guest LilBambi Posted July 9, 2014 Share Posted July 9, 2014 Has your smart WiFi-enabled LED light bulb been hacked? - Hot For Security: More and more gadgets and devices around the home are leaping on the Internet of Things (IoT) bandwagon, and getting connected to the net. But are vendors treating security as a priority? That’s the question which has to be asked once again, after security researchers discovered a security weakness in a make of internet-enabled LED light bulb that can be controlled via a funky smartphone app. I think we were just talking about this the other day.... not about these 'smart' bulbs in particular, but security on the "Internet of Things" gadgets and whether the developers are even thinking about security ..best practices for encryption and thereby being a good neighbor on your local network. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 9, 2014 Share Posted July 9, 2014 Scary stuff but then again, the attacker has to be within wireless range(30ft) to perform the attack so you would have to be targeted. Hopefully as tech progresses, there will be much tighter security (We hope anyway). Of course, you could just wrap your windows with RF Shielding film hehe Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted July 9, 2014 Share Posted July 9, 2014 Wireless networking is something that you often want to be able to use out in your yard. RF Shield film and/or paint, would defeat that purpose. It also could even prevent wifi from reaching some areas of people's houses. Yes, the attacker has to be within Wireless but that is greater than 30' these days and that hasn't prevented wifi hacking in general. Also ... The increased range of 802.11n will mean fewer "dead spots" in homes served by a single Wi-Fi router. Once 802.11ac matures that will be increased further. These "Internet of Things" devices need to be worrying about and incorporating best practices for security and encryption now. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 9, 2014 Share Posted July 9, 2014 The bulbs do not work on a normal 802.11 router: It should be noted, since this attack works on the 802.15.4 6LoWPAN wireless mesh network, an attacker would need to be within wireless range, ~30 meters, of a vulnerable LIFX bulb to perform this attack, severely limiting the practicality for exploitation on a large scale. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted July 9, 2014 Share Posted July 9, 2014 30 Meters is equal to 98.4252 Feet! Nearly 100 feet is a much bigger distance than 30ft, of course. Scary stuff but then again, the attacker has to be within wireless range(30ft) to perform the attack so you would have to be targeted. Hopefully as tech progresses, there will be much tighter security (We hope anyway). Of course, you could just wrap your windows with RF Shielding film hehe BOLD emphasis mine. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 9, 2014 Share Posted July 9, 2014 30 Meters is equal to 98.4252 Feet! Nearly 100 feet is a much bigger distance than 30ft, of course. BOLD emphasis mine. Hehe, I missed that Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted July 9, 2014 Share Posted July 9, 2014 It happens to the best of us. Such is life. Quote Link to comment Share on other sites More sharing options...
ross549 Posted July 9, 2014 Share Posted July 9, 2014 Perhaps true, but the network is not one that would be accessible over then internet, unless an unsecure bridge module was used. This sounds a lot like an Insteon network to me. Adam 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 9, 2014 Share Posted July 9, 2014 That is what I was thinking Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted July 9, 2014 Share Posted July 9, 2014 6LoWPAN is an acronym of IPv6 over Low power Wireless Personal Area Networks.[1] 6LoWPAN is the name of a concluded working group in the Internet area of the IETF.[2] http://en.wikipedia.org/wiki/6LoWPAN A personal area network (PAN) is a computer network used for data transmission among devices such as computers, telephones and personal digital assistants. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink). A wireless personal area network (WPAN) is a PAN carried over wireless network technologies such as: IrDA Wireless USB Bluetooth Z-Wave ZigBee Body Area Network The reach of a WPAN varies from a few centimeters to a few meters. A PAN may also be carried over wired computer buses such as USB and FireWire. http://en.wikipedia.org/wiki/Personal_area_network IEEE 802.15.4 is a standard which specifies the physical layer and media access control for low-rate wireless personal area networks (LR-WPANs). It is maintained by the IEEE 802.15 working group, which has defined it in 2003.[1] It is the basis for the ZigBee,[2] ISA100.11a,[3] WirelessHART, and MiWi specifications, each of which further extends the standard by developing the upper layers which are not defined in IEEE 802.15.4. Alternatively, it can be used with 6LoWPAN and standard Internet protocols to build a wireless embedded Internet. http://en.wikipedia.org/wiki/IEEE_802.15.4 Insteon (commonly written INSTEON) a registered tradename for a home automation networking technology that enables light switches, lights, thermostats, motion sensors, and other devices to interoperate through power lines, radio frequency (RF) communications, or both.[1] It employs a dual-band, mesh, networking topology[2] in which all devices are peers and each device autonomously transmits, receives, and repeats messages.[3] Insteon was invented by and is a trademark ofSmartlabs, Inc.. Every message received by an Insteon compatible device undergoes error detection and correction and is then repeated (retransmitted). All devices repeat the same message at the same time so that message transmissions collide synchronously, thus preserving the integrity of the message.[clarification needed] The power line AC frequency serves as the synchronization reference for message transmissions. The power line protocol uses phase-shift keying. http://en.wikipedia.org/wiki/Insteon Looking at those articles, sure looks like that's the case, Adam. Also very similar to X10, but I think Insteon is more stable and not as noisy...but not sure about that. Those types of networks can be hit too, but as you say, you need a bridge device which I think some do have built in to work with your own home network/router. But not all. Quote Link to comment Share on other sites More sharing options...
ross549 Posted July 9, 2014 Share Posted July 9, 2014 In the case of Insteon, if you want remote control via the internet, browser, or tablet, you need to get the bridge. It will work without it, though. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted July 9, 2014 Share Posted July 9, 2014 Good to know, Adam. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.