When we install smart devices in hour homes, like fridges, vacuums, TVs, and
microwaves, we don’t normally think of them as security threats.
A report by cybersecurity firm Dark Cubed seems to have uncovered another new threat, one that most of us would never have imagined: smart lightbulbs.
While testing a dozen commercially available lightbulbs, the experts found security
flaws. However, these vulnerabilities went beyond the normal realm of
manufacturer neglect, and they’ve even claimed that the vulnerabilities were so
glaring that they could not have been a result of oversight.
Even more concerning is the fact that the smart lightbulbs, while being tested, sent over
a million communications to 3000 external servers.
The destination of these communications? The US, Germany, Hong Kong, and China.
Among the security concerns for the different hardware tested were:
- Insufficient encryption of information transmitted
- Encryption certificates that couldn’t be validated
- Vulnerabilities to man-in-the-middle attacks
The connected Android apps also requested a shocking amount of permissions to:
- Your live location
- Record audio
- Read and write to external storage on your phone
Additionally, at least one of the apps requested a SYSTEM_ALERT_WINDOW permission. Thisallows apps to launch other apps without permission, steal information from other apps, or even allow other malware to be downloaded to a device.
The most concerning thing about the study, however, is the fact that a number of the
devices and their paired Android apps were sending data to Chinese servers that
the experts could not decrypt.
These findings are a cause for concern because no one knows who exactly has access to this encrypted data, and what is being done with it.
At the very least, they prove to be a stark reminder that our digital privacy is not safe
when left to the hands of manufacturers. It’s important that we understand and take responsibility for our online data safety.
Finally, this particular case is also a good cautionary tale that should help us remember
that simple things, like lightbulbs, may not necessarily need to be upgraded
and connected to the internet. At least there’s no risk when you just flip a
switch on the wall.