Philips issued a security patch, but the hack demonstrated how smart lighting systems could be compromised, causing a blackout.
Philips Hue Lights are extremely popular IoT devices, but a new paper, “IoT Goes Nuclear: Creating a ZigBee Chain Reaction,” reveals that they are also a big security risk. In the paper, researchers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada described how they crafted a proof-of-concept attack targeting the smart lights. The attack, which exploits flaws in the ZigBee and Z-Wave wireless protocols, uses a worm to infect the lights and replace their firmware.
“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes,” explained researchers Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten.
The lights were infected via wardriving and “warflying” with a drone, said the report. With the drone they were able to hack the lights from up to half a mile away. A side channel attack enabled them to extract the global AES-CCM key used to encrypt and authenticate new firmware. The researchers stated they were able to do this easily with just a few hundred dollars of readily available gear, and used the key to replace the light’s firmware with a fake, malicious version.
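Why a single global firmware key matters for a whole fleet, as an added example that is not from the paper or from Philips: HMAC-SHA256 stands in for the AES-CCM authentication tag so the sketch runs on the standard library, and the device ids, keys and per-device key derivation are constructed assumptions.

```python
import hashlib
import hmac

def tag(key: bytes, image: bytes) -> bytes:
    """Authentication tag over a firmware image (HMAC stand-in for the CCM tag)."""
    return hmac.new(key, image, hashlib.sha256).digest()

def device_accepts(device_key: bytes, image: bytes, image_tag: bytes) -> bool:
    """Update check as a device would run it, with the key it stores."""
    return hmac.compare_digest(tag(device_key, image), image_tag)

def diversified_key(master: bytes, device_id: str) -> bytes:
    """Hypothetical per-device key; the master stays with the vendor."""
    return hmac.new(master, b"fw-auth|" + device_id.encode(), hashlib.sha256).digest()

def blast_radius(fleet: dict, exposed_key: bytes, image: bytes) -> int:
    """Count devices that accept an image tagged with one exposed device key."""
    image_tag = tag(exposed_key, image)
    return sum(device_accepts(k, image, image_tag) for k in fleet.values())

# Constructed sample fleet and keys (not real values).
DEVICE_IDS = [f"lamp-{n:03d}" for n in range(100)]
GLOBAL_KEY = hashlib.sha256(b"constructed global key").digest()
MASTER_KEY = hashlib.sha256(b"constructed vendor master").digest()

# Design A: every lamp stores the same key (the situation the article describes).
GLOBAL_FLEET = {d: GLOBAL_KEY for d in DEVICE_IDS}
# Design B: every lamp stores its own derived key.
DIVERSIFIED_FLEET = {d: diversified_key(MASTER_KEY, d) for d in DEVICE_IDS}

def compare(image: bytes = b"constructed unofficial image") -> tuple:
    """Return (devices exposed under design A, devices exposed under design B)."""
    source = DEVICE_IDS[0]  # the one lamp whose stored key is assumed exposed
    return (
        blast_radius(GLOBAL_FLEET, GLOBAL_FLEET[source], image),
        blast_radius(DIVERSIFIED_FLEET, DIVERSIFIED_FLEET[source], image),
    )

if __name__ == "__main__":
    a, b = compare()
    print(f"global key: {a} of {len(DEVICE_IDS)} lamps accept the image")
    print(f"per-device keys: {b} of {len(DEVICE_IDS)} lamps accept the image")
```

With per-device keys the vendor has to tag each update per lamp; verifying an asymmetric signature against a public key stored in the lamp avoids that and keeps the signing secret out of the device entirely.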
What can the attack do? The researchers said the worm would enable a hacker to brick an entire city’s smart lights. This is not reversible and the lights would need to be replaced. The attack could also allow a hacker to jam wireless networks. If enough lights were compromised, an entire city’s WiFi could be blocked. Even more serious, a hacker could make the lights go on and off multiple times in a short amount of time. This could cause serious damage to the grid.
The researchers said they did contact Philips, which was responsive and issued a patch, but the experiment illustrated both the serious security issues that still exist with IoT devices and the catastrophic damage a hacker using them could cause.