We knew this day would come, the day that would highlight the insecurity present in many Internet-connected devices, the IoT, which, as we saw a few days ago, were the stars of a major DDoS attack. An army of IP cameras and video recorders was responsible for some of the most popular Internet services ceasing to work for a few hours.
So-called “smart” light bulbs like Philips Hue have already been hacking targets in the past. Even though a rather complicated set of conditions is required, the vulnerability is there. On this occasion we will see how a group of hackers, of the so-called white-hat kind, demonstrate a new vulnerability that has nothing to do with what was shown in the past, since taking control of the device requires a drone.
You only need a drone and malicious firmware
Because of the hacks these bulbs have suffered, Philips has updated their security to make this work more complicated. In addition, the attacker previously needed to be on the same network as the light bulbs and to have control of a local computer, which makes it a complex and almost impossible task.
This new vulnerability does not require that kind of access. You only need to trick the light bulbs into accepting a WiFi software update that exploits a weakness in the ZigBee Light Link Touchlink system, yes, the same one that has been attacked in several other devices.
To install this firmware you only need a drone or a vehicle that passes within 70 meters of the light bulbs. Once installed, it becomes possible to extract the manufacturer’s global AES-CCM key, which makes it possible to block any new updates and thus take full control of the device. But the most interesting thing is that you only need to infect a single light bulb, since that bulb takes charge of spreading the firmware across the network, so that control is gained in at most 10 minutes.
These hackers belong to the Weizmann Institute of Science and Dalhousie University, and their aim is to show the details of the vulnerability so that the responsible manufacturer can fix it as soon as possible. They have therefore published all the details of this work, and are also showing a couple of videos where you can see the attack in action.
First we see how they use a car passing by the door of the institute to alter the behaviour of the light bulbs.
Second, they make use of a drone, which approaches a building housing the offices of several security companies, such as Oracle, where the bulbs were 350 meters high and were made to flash S.O.S. in Morse code.
Warning about the security risk of IoT devices
Analysts at Kaspersky Lab have confirmed the lack of security in connected devices after analysing eight randomly selected devices and the passwords configured by their vendors. Only one of the products met the experts’ security requirements.
Internet of Things (IoT) devices are those that have network connectivity and are equipped with embedded technology that allows them to interact with each other or with their environment. Moreover, because of the large number and variety of available devices, the IoT has become a very attractive target for cybercriminals, as the cybersecurity company points out.
In a statement, Kaspersky Lab shared the findings of its analysis, which sought to discover whether, after the cybersecurity incidents of recent years, such as denial-of-service (DDoS) attacks launched with the help of a botnet, the landscape had changed.