INTERNET OF THINGS
NEWS

Smart lightbulbs shine new spotlight on digital spying

TeamRed
Mar 11, 2019
5 min read

When we install smart devices in hour homes, like fridges, vacuums, TVs, and microwaves, we don’t normally think of them as security threats.

A report by cybersecurity firm Dark Cubed seems to have uncovered another new threat, one that most of us would never have imagined: smart lightbulbs.

While testing a dozen commercially available lightbulbs, the experts found security flaws. However, these vulnerabilities went beyond the normal realm of manufacturer neglect, and they’ve even claimed that the vulnerabilities were so glaring that they could not have been a result of oversight.

Even more concerning is the fact that the smart lightbulbs, while being tested, sent over a million communications to 3000 external servers.

The destination of these communications? The US, Germany, Hong Kong, and China.

Among the security concerns for the different hardware tested were:

  • Insufficient encryption of information transmitted
  • Encryption certificates that couldn’t be validated
  • Vulnerabilities to man-in-the-middle attacks

The connected Android apps also requested a shocking amount of permissions to:

  • Your live location
  • Record audio
  • Read and write to external storage on your phone

Additionally, at least one of the apps requested a SYSTEM_ALERT_WINDOW permission. This allows apps to launch other apps without permission, steal information from other apps, or even allow other malware to be downloaded to a device.

The most concerning thing about the study, however, is the fact that a number of the devices and their paired Android apps were sending data to Chinese servers that the experts could not decrypt.

These findings are a cause for concern because no one knows who exactly has access to this encrypted data, and what is being done with it.

At the very least, they prove to be a stark reminder that our digital privacy is not safe when left to the hands of manufacturers. It’s important that we understand and take responsibility for our online data safety.

Finally, this particular case is also a good cautionary tale that should help us remember that simple things, like lightbulbs, may not necessarily need to be upgraded and connected to the internet. At least there’s no risk when you just flip a switch on the wall.

 

TeamRed