install smart devices in hour homes, like fridges, vacuums, TVs, and
microwaves, we don’t normally think of them as security threats.
A report by
cybersecurity firm Dark Cubed seems to have uncovered another new threat, one
that most of us would never have imagined: smart lightbulbs.
testing a dozen commercially available lightbulbs, the experts found security
flaws. However, these vulnerabilities went beyond the normal realm of
manufacturer neglect, and they’ve even claimed that the vulnerabilities were so
glaring that they could not have been a result of oversight.
concerning is the fact that the smart lightbulbs, while being tested, sent over
a million communications to 3000 external servers.
destination of these communications? The US, Germany, Hong Kong, and China.
security concerns for the different hardware tested were:
- Insufficient encryption of
- Encryption certificates that
couldn’t be validated
- Vulnerabilities to man-in-the-middle
connected Android apps also requested a shocking amount of permissions to:
- Your live location
- Record audio
- Read and write to external storage
on your phone
at least one of the apps requested a SYSTEM_ALERT_WINDOW permission. This
allows apps to launch other apps without permission, steal information from other apps,
or even allow other malware to be downloaded to a device.
concerning thing about the study, however, is the fact that a number of the
devices and their paired Android apps were sending data to Chinese servers that
the experts could not decrypt.
findings are a cause for concern because no one knows who exactly has access to
this encrypted data, and what is being done with it.
At the very
least, they prove to be a stark reminder that our digital privacy is not safe
when left to the hands of manufacturers. It’s important that we understand and take responsibility
for our online data safety.
particular case is also a good cautionary tale that should help us remember
that simple things, like lightbulbs, may not necessarily need to be upgraded
and connected to the internet. At least there’s no risk when you just flip a
switch on the wall.