Smart lightbulbs shine new spotlight on digital spying

TeamRed
Mar 11, 2019

When we install smart devices in our homes, like fridges, vacuums, TVs, and microwaves, we don’t normally think of them as security threats.

A report by cybersecurity firm Dark Cubed seems to have uncovered another new threat, one that most of us would never have imagined: smart lightbulbs.

While testing a dozen commercially available lightbulbs, the experts found security flaws. However, these vulnerabilities went beyond the normal realm of manufacturer neglect: the experts even claimed that the vulnerabilities were so glaring that they could not have been the result of oversight.

Even more concerning is the fact that the smart lightbulbs, while being tested, sent over a million communications to 3000 external servers.

The destination of these communications? The US, Germany, Hong Kong, and China.

Among the security concerns for the different hardware tested were:

  • Insufficient encryption of information transmitted
  • Encryption certificates that couldn’t be validated
  • Vulnerabilities to man-in-the-middle attacks

The connected Android apps also requested a shocking number of permissions, including permission to:

  • Access your live location
  • Record audio
  • Read and write to external storage on your phone

Additionally, at least one of the apps requested the SYSTEM_ALERT_WINDOW permission. This allows apps to launch other apps without permission, steal information from other apps, or even allow other malware to be downloaded to a device.
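To check a companion app for the permissions listed above before installing it, the sketch below audits a manifest. It is an added example, not code from the Dark Cubed report; it assumes the app's AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Platform permissions behind the concerns listed in the article, by concern.
CONCERNS = {
    "live location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
                      "ACCESS_BACKGROUND_LOCATION"},
    "record audio": {"RECORD_AUDIO"},
    "external storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "system alert window": {"SYSTEM_ALERT_WINDOW"},
}

# Constructed sample manifest for a hypothetical companion app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bulb">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="com.example.bulb.permission.RECORD_AUDIO"/>
</manifest>
"""


def audit_manifest(xml_text):
    """Return {concern: [permission, ...]} for the platform permissions requested."""
    root = ET.fromstring(xml_text)
    requested = set()
    # Permissions can be declared with either element name.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name", "")
            # Only platform permissions count; app-defined names are skipped.
            if name.startswith(PREFIX):
                requested.add(name[len(PREFIX):])
    return {concern: sorted(requested & perms)
            for concern, perms in CONCERNS.items() if requested & perms}


if __name__ == "__main__":
    for concern, perms in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{concern}: {', '.join(perms)}")
```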

The most concerning thing about the study, however, is the fact that a number of the devices and their paired Android apps were sending data to Chinese servers that the experts could not decrypt.

These findings are a cause for concern because no one knows who exactly has access to this encrypted data, and what is being done with it.

At the very least, they prove to be a stark reminder that our digital privacy is not safe when left in the hands of manufacturers. It’s important that we understand and take responsibility for our online data safety.

Finally, this particular case is also a good cautionary tale that should help us remember that simple things, like lightbulbs, may not necessarily need to be upgraded and connected to the internet. At least there’s no risk when you just flip a switch on the wall.
