×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Hacking Internet Connected Light Bulbs

Soulskill posted about 6 months ago | from the not-a-bright-idea dept.

Security 63

An anonymous reader writes We've been calling it for years — connect everything in your house to the internet, and people will find a way to attack it. This post provides a technical walkthrough of how internet-connected lighting systems are vulnerable to outside attacks. Quoting: "With the Contiki installed Raven network interface we were in a position to monitor and inject network traffic into the LIFX mesh network. The protocol observed appeared to be, in the most part, unencrypted. This allowed us to easily dissect the protocol, craft messages to control the light bulbs and replay arbitrary packet payloads. ... Monitoring packets captured from the mesh network whilst adding new bulbs, we were able to identify the specific packets in which the WiFi network credentials were shared among the bulbs. The on-boarding process consists of the master bulb broadcasting for new bulbs on the network. A new bulb responds to the master and then requests the WiFi details to be transferred. The master bulb then broadcasts the WiFi details, encrypted, across the mesh network. The new bulb is then added to the list of available bulbs in the LIFX smart phone application."

Sorry! There are no comments related to the filter you selected.

Borg Home (1)

ArcadeMan (2766669) | about 6 months ago | (#47385455)

Just don't do it.

Re:Borg Home (1)

axlash (960838) | about 6 months ago | (#47385493)

I get that large industrial/office complexes might want to automate/regulate lighting, but why would you want to do this for your home?

Looks like overkill to me.

Re:Borg Home (2)

drinkypoo (153816) | about 6 months ago | (#47385541)

I get why I'd want to do it at home, but not why I'd pay someone else to do it. You can get arduinos or whatever around ten bucks, if you're willing to deadbug or make your own boards by one method or another you can do your own automation for pennies on the dollar. And I'd rather use a serial loop than ethernet anyway. sure, I wouldn't implement any security either, but the obscurity of a custom system that's just not on an ethernet would discourage casual attackers, which is about all I would reasonably expect to defeat anyway.

Re:Borg Home (2)

Albanach (527650) | about 6 months ago | (#47385655)

I get why I'd want to do it at home, but not why I'd pay someone else to do it

I'm not sure how you're going to create an asthetically pleasing multi color 1,000 lumen LED that fits in a standrard lamp using a $10 controller. Plus create an app or web interface to control timing/dimming/color. If you figure it out, please post the details as I'm sure lots of folk would love to take on that project.

In the meantime, I'm thinking these look pretty neat if a little expensive since I think you'd need quite a few bulbs for the best effect.

Re:Borg Home (1)

drinkypoo (153816) | about 6 months ago | (#47385815)

I'm not sure how you're going to create an asthetically pleasing multi color 1,000 lumen LED that fits in a standrard lamp using a $10 controller.

I'm talking about the automation, not the lighting itself. And I don't care if it fits into a standard lamp if I make the modifications myself

In the meantime, I'm thinking these look pretty neat if a little expensive

They're a lot expensive. And insecure.

Re:Borg Home (1)

SuperTechnoNerd (964528) | about 6 months ago | (#47385543)

Sounds like dumb, sorry smart grid technology :)

Re: Borg Home (1)

James Buchanan (3571549) | about 6 months ago | (#47387839)

Sorry about this comment, think of what else may be built into the common light bulb,and realize the security and privacy implications. Then think of the recent miniaturizations that have been put forward,with the higher input voltages,what else needs to be available for low level spying.

Re:Borg Home (0)

Anonymous Coward | about 6 months ago | (#47385555)

Localizing control helps with RF issues. If you want to control individual RGB bulbs for mood lighting, you would end up rapidly switching a power line on and off all the way between the dimmers and each channel of each bulb to control the brightness and color of the lamps. That's not good design, and you would either need to put a lot of information about the characteristics of different types of bulbs into the dimmers or the bulbs would have to convert a generic pulse width modulation into the actual (higher frequency) signal for the LEDs. Long story short, expect light to be switched by the bulb, not by the "switch" on the wall. The problems don't arise from the general concept but from the "it works, ship it" implementations.

Re:Borg Home (5, Insightful)

GNious (953874) | about 6 months ago | (#47385609)

(disclosure: I own LIFX lightbulbs, and wrote an app that controls them)
"Smart-home" stuff is, currently, mostly toys - you have them for doing stuff that you largely don't need to do.
Some Smart-home stuff is able to go beyond the toy-stage, like intelligent control of heating, remote monitoring etc, where they can serve specific, valuable purposes.

Intelligent lightbulbs? Mine are able to entertain the kids for 20 minutes (let them go amok with the app), while I worked on making my phone advice me of SMSes and emails via a brief colour-change to a bulb; this is still in the toys-stage, but slowly starts serving a purpose.

So, in view of you stating it is overkill, I'd ask whether saving on your heating bill is overkill, or whether having fun with setting lighting-levels and -colours is overkill?
Naturally, the answer depends on your values in life :)

Note: My latest suggestion for use of Smart-home equipment was to mix a LIFX lightbulb with a Doorbot (doorbell with camera and wifi), to alert a deaf person of the doorbell being used, by sending visual cues via the lightbulbs (specific colour-change).

Reasons why I don't like the Internet of Things. (1, Funny)

Anonymous Coward | about 6 months ago | (#47385755)

Here's a list of reasons why I don't like the Internet of Things:

1) Internet of Things devices could watch me while I sleep.

2) Internet of Things devices could watch me while I pee.

3) Internet of Things devices could watch me while I make kaka.

4) Internet of Things devices could watch me while I pleasure myself.

5) Internet of Things devices could watch me while I wash my body in the shower.

6) Internet of Things devices could watch me while I relax in the tub.

7) Internet of Things devices could watch me while I brush my teeth.

8) Internet of Things devices could watch me while I make passionate love to my wife.

9) Internet of Things devices could watch me while I brush my hair.

10) Internet of Things devices could watch me while I read a book.

11) Internet of Things devices could watch me while I read Slashdot.

12) Internet of Things devices could watch me while I bake cake.

13) Internet of Things devices could watch me while I put in my contact lenses.

14) Internet of Things devices could watch me while I get ready to play golf.

15) Internet of Things devices could watch me while I do my laundry.

16) Internet of Things devices could watch me while I think about rugby.

17) Internet of Things devices could watch me while I tie my shoes.

18) Internet of Things devices could watch me while I celebrate the 4th of July.

19) Internet of Things devices could watch me while I water my flowers.

20) Internet of Things devices could watch me while I eat ham.

21) Internet of Things devices could watch me while I use my stapler to staple documents.

22) Internet of Things devices could watch me while I chew bubble gum.

23) Internet of Things devices could watch me while I check the oil in my car.

24) Internet of Things devices could watch me while I look for my TV remote.

25) Internet of Things devices could watch me while I blow my nose.

26) Internet of Things devices could watch me while I rearrange my stamp collection.

27) Internet of Things devices could watch me while I listen to the Backstreet Boys.

28) Internet of Things devices could watch me while I do my calisthenics.

29) Internet of Things devices could watch me while I search for a paper clip.

30) Internet of Things devices could send information about me to advertisers.

31) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I sleep.

32) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pee.

33) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make kaka.

34) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pleasure myself.

35) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I wash my body in the shower.

36) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I relax in the tub.

37) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my teeth.

38) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make passionate love to my wife.

39) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my hair.

40) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read a book.

41) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read Slashdot.

42) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I bake cake.

43) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I put in my contact lenses.

44) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I get ready to play golf.

45) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I do my laundry.

46) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I think about rugby.

47) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I tie my shoes.

48) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I celebrate the 4th of July.

49) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I water my flowers.

50) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I eat ham.

51) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I use my stapler to staple documents.

52) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I chew bubble gum.

53) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I check the oil in my car.

54) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I look for my TV remote.

55) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I blow my nose.

56) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I rearrange my stamp collection.

57) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I listen to the Backstreet Boys.

58) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I do my calisthenics.

59) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I search for a paper clip.

60) Everything listed above is really, really, really fucking creepy.

And those are just my top 60 reasons! I've got a lot more than just those. The Internet of Things is creepy to the max and it sounds like it could be very invasive.

Re: Reasons why I don't like the Internet of Thing (0)

Anonymous Coward | about 6 months ago | (#47385821)

If you do it right then only your stuff can see and control your other stuff. If you let google, apple, or ms provide the service or user interface then...

Re: Reasons why I don't like the Internet of Thing (1)

jones_supa (887896) | about 6 months ago | (#47387231)

The way it works is that they bundle a cool app to go with the product, which needs some server-side work to process your data.

This creates them a nice trojan horse to carry your data to be datamined.

If the app is convenient enough to use, it quickly trumps most people's concerns of privacy.

Re:Reasons why I don't like the Internet of Things (1)

Anonymous Coward | about 6 months ago | (#47386459)

data unsuspectingly collected about me while I listen to the Backstreet Boys.

Your list all seemed like normal stuff until I got to that one.

Now I see what you have to hide. You should be ashamed.

Re:Reasons why I don't like the Internet of Things (1)

NemoinSpace (1118137) | about 6 months ago | (#47387067)

Internet of Things devices could watch me while I

type the same phrase over and over, but could have copy/pasted if i really understood the internet of things.

Re:Reasons why I don't like the Internet of Things (3, Insightful)

MMC Monster (602931) | about 6 months ago | (#47387553)

#1 - You're not that interesting.

#2 - Connected devices can have interesting power management solutions. It's not just adjusting the home temperature when it figures out no one's going to be home for 8 hours. What about adjusting when the fridge uses the most power during times when electricity is the cheapest? Or sending you a text message if the motion detectors go off but your car is not in the driveway/garage? Or have lights go on just after dusk (regardless of time of year) and go out at a random time between 10 and 11pm (unless motion suggests people are home)?

The upfront cost of these devices are a bit more. To be absorbed by early adopters, of course. But when the prices come down and the kinks straightened out, they can be quite useful.

OnTopic: My neighbor showed me the app he had on his phone to monitor his pool. It allowed him to monitor temperature, pH, turn the filter and heater on, etc. The installer gave it a default 4 digit passcode, which was apparently the same four digit passcode that every other installation had. Since the ID number of the pool was adjustable, my neighbor joked that he would sometimes log into random people's pools and flash their pool lights (and had others do it to him as well). Fortunately no one's raised the pool temperature to 90 degrees or something like that (yet).

Re:Reasons why I don't like the Internet of Things (0)

Anonymous Coward | about 5 months ago | (#47392693)

Seriously a list of 60 reasons LOL. Wish I had the ability to deduct some of those time and add to something here that needs more time.

Re:Borg Home (1)

axlash (960838) | about 6 months ago | (#47386315)

I'm being very specific here - I'm referring to internet controlled home lighting. If all I care about is switching on/off lights, it is overkill.

I can't say I'm too hot ('scuse the pun) on remote controlled heating either; I'd need to see significant savings before I was tempted to invest in that.

Of course, if this is all about having fun while engaging in a home project, that's another story altogether.

Re:Borg Home (1)

uninformedLuddite (1334899) | about 6 months ago | (#47391001)

Once you have invested in all these 'cool' technologies it is a given that the government will link them up with smart metering and control your shit. All for the benefit of the children. Probably Honduran ones.

Re:Borg Home (1)

AmiMoJo (196126) | about 6 months ago | (#47387391)

It's sad that we are a long way behind on home automation in the west. The Japanese have had this stuff for years now, and it works well.

For example many air conditioning units can be linked via wifi for remove control. When you are 5 minutes from home your phone notifies the air-con to turn on max and be ready for your arrival, at which point it can turn right down to avoid giving you the chills. The air-con itself has a sensor that makes sure it directs cold air away from you when you are in the room.

You can get cameras for your front door that use wifi to talk to your phone. When someone rings the doorbell an image of them pops up on your phone. If you are out you can chat to them, e.g. to tell them to deliver a package to a neighbour or hide it somewhere.

Phone/internet controlled baths are available too. You can arrive home to a waiting hot tub of water, or just fill it and get a notification when it's ready. Some robot vacuum cleaners have wifi too, and will send you pictures of stuff they find under the sofa. Sharp's Cocorobo has a speaker too so you can drive to around remotely and talk to your pets while away from home. I have to admit that last function may not be terribly useful.

Re:Borg Home (3, Interesting)

GNious (953874) | about 6 months ago | (#47385621)

(disclosure: I own LIFX lightbulbs, and wrote an app that controls them)
"Smart-home" stuff is, currently, mostly toys - you have them for doing stuff that you largely don't need to do.
Some Smart-home stuff is able to go beyond the toy-stage, like intelligent control of heating, remote monitoring etc, where they can serve specific, valuable purposes.

As for "intelligent" lightbulbs? Mine are able to entertain the kids for 20 minutes (let them go amok with the app), while I worked on making my phone advice me of SMSes and emails via a brief colour-change to a bulb; this is still in the toys-stage, but slowly starts serving a purpose.

So, in view of you stating it is overkill, I'd ask whether saving on your heating bill is overkill, or whether having fun with setting lighting-levels and -colours is overkill?
Naturally, the answer depends on your values in life :)

Note: My latest suggestion for use of Smart-home equipment was to mix a LIFX lightbulb with a Doorbot (doorbell with camera and wifi), to alert a deaf person of the doorbell being used, by sending visual cues via the lightbulbs (specific colour-change).

Re:Borg Home (1)

Stan92057 (737634) | about 6 months ago | (#47385827)

I really question the savings the device will need 24/7 internet connection, constant monitoring. That costs money that was not being used before. we need to be finding things that don't use anymore unreplenishable recourses like coal, oil. Now a device that doesn't have to connect to the internet would be a much more cost saving device. the non internet device can be charged by solar. But in not saying people shouldn't use it if they can afforded it sure use it but I think they are not saving anything in the long run only burning more oil IMO

Re: Borg Home (0)

Anonymous Coward | about 6 months ago | (#47386275)

The WiFi consume a bit but the 802.15.4 can run for years on batteries with the right duty cycle.

Re:Borg Home (0)

Anonymous Coward | about 6 months ago | (#47385941)

Admit it, you're just waiting for your buyout phone call from Google or Apple. You don't give really two shits for IoT apart from setting you up for retirement by 41.

Re:Borg Home (0)

Anonymous Coward | about 6 months ago | (#47385991)

The real cost is not financial, it is the complexity cost of the new system, why build light bulbs that need securing from internet threats? why build light bulbs that have such features that then need set-up? It is not that they lack utility nor that the financial cost is to great it is just that they add an extra burden on your time that must then be justified by the advantages, if you could get most of the same advantages through another system then the balance is still in the negative.

There will always be niche applications, and in the long run I can see some advantages to a smarter lighting system, it is just that the bulb is not where you would want to put the smarts. Given that the bulb would probably just respond to signals from the lighting circuit an internet connection is unnecessary for most features, if not nearly all of the ones I have herd so far.

Re:Borg Home (2)

matria (157464) | about 6 months ago | (#47386429)

Sounds like this sort of thing could be useful in the Deaf community - have the lighting flash different colors for various alarms and notifications.

Re:Borg Home (1)

Fawd Noor (2900051) | about 6 months ago | (#47387045)

In this Website you can get information about the Social Bookmarking and SEO and other Hub of SEO. And that are the Hub of SEO, Social Bookmarking, Classified ads, Guest blog and other SEO related information you can get here.
Thanks........

  Social BookMarking site [inworldmarket.com]

Re:Borg Home (1)

Stan92057 (737634) | about 6 months ago | (#47385737)

Knowing what I know using theses internet connected devices are a really really bad idea. Not because they are useless but because we have far too many bad people tiring to game the system, and steal from everyone they can. Including Corporations "GoogleThinking its there god given right to gain access to our most private of places our home. Stay out your not wanted so me im using thumb power to turn my utility's on and off tvm :)

Is the Internet of Things going to watch me naked? (0)

Anonymous Coward | about 6 months ago | (#47385597)

I'm not a very technical person (I'm just a graphics designer) so I don't know a lot about all of these newfangled technologies. But everything I read about the Internet of Things scares the living bajeezus out of me! I don't want these devices listening to me or monitoring me or maybe even taking pictures and video of me while I'm showering or pissing or making poopoo or making love with myself and my signficant other. Doesn't this bother anyone else? Don't other people think it's sick and disgusting to have Internet of Things devices monitor them while they're in the bathroom? Why are such devices seen as being good? The thought of being monitored like that makes me want to vomit. I don't want these devices peering into my trousers or ogling my naked body, especially while I'm doing my private bodily business!

Is the Internet of Things going to watch me naked? (0)

Anonymous Coward | about 6 months ago | (#47385641)

I think many such fears are unfounded. 99.999% of the time, these devices will do exactly what they claim to do, and nothing more. Remote control of a lightbulb is mostly trivial, but the complexity required to upload pictures or video or sound is orders of magnitudes higher.

I'm not saying it's not possible, just quite unlikely as it will drive up the production costs, power consumption, and complexity of such devices. It would also be pretty hard to hide in many cases. For this to be a real concern, some entity would have to have a serious vested interest in spending an inordinate amount of money to subsidize the cost or products just to see you poop. Not to mention that if they ever got caught, the lawyer and pitchfork mob would destroy them. Few people in the world are powerful enough to absorb that kind of anger and wrath.

Technology changes fast, fast, FAST! (0, Insightful)

Anonymous Coward | about 6 months ago | (#47385693)

I see what you're saying, but I just don't know if that's how things will turn out in the long term, or even in the medium term.

Just look at cell phones, for crying out loud. I went to get a new phone a few weeks ago, and even the cheapest minimalist phones my telecom provider was offering had cameras and GPS built in, along with the microphone that's obviously needed since it's a phone, and Internet capabilities. Even their shittiest low end clamshell phone had these features, and that phone was retailing for $15 without any sort of discount or subsidy! I couldn't get a plain old cell phone that was just a phone. They didn't offer them!

If a phone with all of those features costs under $20 today, I can totally see such things being way cheaper in the near future, and then ending up even in something as simple as a light bulb soon enough after that. Maybe the light bulb vendor will only want a board with wireless Internet on it, but in order to get just that it ends up being cheaper to get integrated components that have everything included. So now your IoT light bulb not only has Internet access but it also has a camera, a microphone, GPS and other sensors, even if it doesn't use any of them.

Then all it takes is a crafty neighbor to use his electronics skills and his Linux skills and his C skills to whip up a device that can control my light bulbs and their unused functionality. Now the camera that wasn't being used is controlled by him, while he sits in his mother's basement watching me as a wash my groin in the shower. He might even pleasure himself while he watches me shower. I find that to be a repulsive idea.

This is the future we're facing. I don't like it one bit!

Re:Technology changes fast, fast, FAST! (1)

uninformedLuddite (1334899) | about 6 months ago | (#47391011)

while he sits in his mother's basement watching me as a wash my groin in the shower.

People actually wash their groins?

Re:Is the Internet of Things going to watch me nak (0)

Anonymous Coward | about 6 months ago | (#47385683)

Yes. The NSA is watching you. Now please don't post this silly question a third time.

Re:Is the Internet of Things going to watch me nak (2)

Em Adespoton (792954) | about 6 months ago | (#47385733)

While I presume the parent is meant to be some sort of satire, it's interesting that throughout history, slaves and then servants have generally been accepted in all these locations doing the same looking and listening. And the slaves/servants talked to each other -- they just didn't talk that much to the upper class, so what they said wasn't considered an issue.

What we're doing here is making our electronics replace those people, which is a good thing. The bad thing is that while we accept the devices in our lives, and consider their "conversation" meaningless to us, that conversation can be manipulated by anyone with some smarts and a network connection. So insead of slaves escaping or this month's maid getting fed up and moving on, you have devices that can leak all your personal information they have access to (lights tend to know when you're home) to the benefit of someone else.

Re:Borg Home (1)

antdude (79039) | about 6 months ago | (#47385883)

"Just do it." --Nike Borgs

Re: Borg Home (1)

LocutusOfBorg1 (1549493) | about 6 months ago | (#47386749)

Resistance is futile.

Dodged a bullet! (1)

mariox19 (632969) | about 6 months ago | (#47385483)

Imagine if Pinky and the Brain had possessed such capabilities! They could not have been stopped. [youtube.com]

Wireless stupidity (0)

Anonymous Coward | about 6 months ago | (#47385517)

Every one of those bulbs is connected to a wired network for power, and then controlled by a poorly secured wireless network that is easily infiltrated or jammed. But it's soooo convenient... Shiny trinkets work every time.

Re:Wireless stupidity (1)

Joe_Dragon (2206452) | about 6 months ago | (#47385689)

data signal between them depends on the quality of the electrical wiring itself. On top of that, improper wiring and circuit breakers can also negatively affect the performance.

Re:Wireless stupidity (2)

RealGene (1025017) | about 6 months ago | (#47386851)

Erm, no, it doesn't. The LIFX bulbs establish a wireless RF mesh network amongst themselves. This isn't X-10.
The bulbs don't have to be on the same circuit, or technically, even in the same house.

Really? (1)

CaptainDork (3678879) | about 6 months ago | (#47385527)

At least they didn't have to drill a hole through the roof.

Could these light bulbs contain cameras? (0)

Anonymous Coward | about 6 months ago | (#47385529)

I've never heard of light bulbs like this before. But is it possible that they could some day include small, hidden cameras? This worries me, because I do not feel at all comfortable that such cameras, if they existed, would not be abused. I would not want some advertising company to watch me while I'm in the shower, or while I'm urinating or defecating. This whole idea about the internet of things or whatever it's called just creeps me out completely! I don't want advertisers watching me while I'm in the bathroom. I don't want them looking at my genitals and analyzing them and figuring out how to try to sell me more products that I don't even need.

Re:Could these light bulbs contain cameras? (2, Insightful)

Anonymous Coward | about 6 months ago | (#47385547)

1. offer some snazy new product that really isn't better than the current product
2. suck up data about the user under the guise of new cool tech features
3. ?????????????????????
4. PROFIT from the data

the key here is grabbing your data. having the ability to turn your lights on over the internet or change your home's temperature or some other useless feature for crazy OCD mental people who need total control over everything is just a cover to get hands on data about you

Re:Could these light bulbs contain cameras? (1)

westlake (615356) | about 6 months ago | (#47385859)

I would not want some advertising company to watch me while I'm in the shower, or while I'm urinating or defecating.

Then don't mount a security camera in your bathroom.

Unless you have a legally defensible reason for doing so, such as the care of a physically frail parent or grandparent.

I just read my neighbors sensors for now. (2, Interesting)

Anonymous Coward | about 6 months ago | (#47385631)

No need to mess with anybody. Just read temperature sensors with home-brew receiver. It now scans the entire range and decodes multiple models of sensors. Most of the 433MHz sensors are extremely easy to decode... I see no reason why they shouldn't be. Would suck if they encrypted them. The power outlet control devices though.... why would you not encrypt that? I was able to start controlling my own 110v devices with custom receiver/transmitter in about 1 day of hacking no problem. . Should be easy to control the neighbors as well (if I were so inclined). Of course, with some elevation and more power, it would be possible to be extremely annoying. In summary, make your transmit only devices un-encrypted. Make your read/write devices encrypted.

Re:I just read my neighbors sensors for now. (0)

Anonymous Coward | about 6 months ago | (#47389719)

Should be easy to control the neighbors as well (if I were so inclined).

Future cat burglars' routine:

1) plug modified device in outdoor electrical outlet.
2) disable security system
3) turn on lights
4) unlock door
5) play "He's got the whole world in his hands" over house's sound system

The nice thing about home device standards (0)

Anonymous Coward | about 6 months ago | (#47385649)

The nice thing about home device communication standards, is that there are none...

Why cares? (0)

Anonymous Coward | about 6 months ago | (#47385723)

So someone will be able to turn on and off someone else's light bulbs at the expense of their time. Life is too short to try to do it or worry that this might happen to you. I take security seriously but this is not a case where security is in danger.

Re:Why cares? (2)

queazocotal (915608) | about 6 months ago | (#47385851)

Err - you're vastly missing the point.
Take a wifi antenna with moderate gain.
Now, wave it around.
If you're within 200m or so of one of these light-bulb networks, you can pretend to be a new bulb, and request the wifi login details.
You now simply tell the master bulb that you're the master bulb now, and should do all the wifi stuff (just to make very sure that no alarm bells go off).
Now, you fire up your wifi, with the MAC set to the old master bulbs MAC, and now simply login to the AP with the credentials you just downloaded.

And now, you can do whatever.

How is this possible? (0)

Anonymous Coward | about 6 months ago | (#47385839)

I work on IoT devices and all comms are encrypted. You can hang out forever on the mesh (network) and not see anything. You can do a denial of service by spraying on the frequencies but you can't see traffic.

Relay Based Electric Lights (1)

Anonymous Coward | about 6 months ago | (#47385925)

I recall visiting a house in the 1950s that had all the light switchs connected to a relay bank in the basement. (low voltage to the switches). This meant for example that you could push the right switch and turn every light in the house on at once. Of course this had to be done when the house was being built. The home was owned by a GE employee. Here is a link to parts for that kind of system: http://www.kyleswitchplates.com/ge-low-voltage-relays-transformers/

So all you have really done is changed from dedicated wiring to using the internet. (and some more options). Note that this system did not really catch on. GE now just sells similar units for offices and factories where one switch can turn on a whole floor of lights using relays.
So its just a more up to date version of an old system (I suspect you could find similar systems in the 1920s as well)

Hail to the Master (0)

Anonymous Coward | about 6 months ago | (#47385989)

"consists of the master bulb broadcasting for new bulbs on the network. A new bulb responds to the master "

So the new bulbs are 'Slaves'? 'Followers'? 'Disciples'?

There is no Master but Master, and QT1 is His prophet.

Big Bang Theory (1)

volmtech (769154) | about 6 months ago | (#47386085)

And no one remembers the episode of the Big Bang Theory where the guys did just that and let hackers control their lights and remote control cars?

Re:Big Bang Theory (0)

Anonymous Coward | about 6 months ago | (#47387177)

We aren't all losers that live vicariously through a TV show.

Re:Big Bang Theory (1)

jones_supa (887896) | about 6 months ago | (#47387253)

:D

lightbulbs? (0)

Anonymous Coward | about 6 months ago | (#47386307)

since when are light bulbs connected to the internet? I guess they have ethernet ports?

Re:lightbulbs? (1)

jones_supa (887896) | about 6 months ago | (#47387259)

They are actually connected to the Internet. The lights can be controlled through a smartphone. The bulbs use WiFi instead of Ethernet.

Nonsense (0)

Anonymous Coward | about 6 months ago | (#47386637)

Why not break in to the WiFi network while you're at it. Then you could access somebody's computer's camera, microphone and files. Even steal their money. Oh wait, the computer is a 'thing', right? Scary stuff. Soon we'll have a global network of those things.

Re:Nonsense (4, Informative)

RealGene (1025017) | about 6 months ago | (#47386869)

That's the whole point of TFA. A lightbulb will hand out the WiFi credentials to anything impersonating another lightbulb.
No need to crack WPA, just hop into the mesh network, announce that you're a lightbulb, and the keys are handed to you.
So, your lights, thermostat, lawn-watering controller, swimming pool monitor, and eventually your TV and your refrigerator become attack surfaces that roll over just by looking at them and saying "please".

Re:Nonsense (0)

Anonymous Coward | about 6 months ago | (#47391481)

Why not just ban all mac addresses and allow only known ones on a secure wifi, while allowing any on a guest wifi keeping it seperate from your sensitive computers, nas drives, etc.?

Re:Nonsense (1)

RealGene (1025017) | about 5 months ago | (#47393419)

Because that would require planning for, designing, and implementing security as a first principle, rather than just making sure the phone app has pretty glowing buttons.
I'm not saying that these things must be insecure, just that most of them currently are insecure.

A new WAN? They kept that quiet. (0)

Anonymous Coward | about 6 months ago | (#47387461)

What is this "Hacking Internet"? Has somebody set up a parallel Internet, just for hackers, on the cheap by creating a giant mesh network of networkable light bulbs?

(Come to think of it, when it comes to choosing a technology for a fledgling WAN, light (in the form of lasers) seems like it could be a fairly good choice for long, point-to-point links, for which radio is likely to require licensing.)

"whilst"? (0)

Anonymous Coward | about 6 months ago | (#47389107)

>Monitoring packets captured from the mesh network whilst adding new bulbs, we were able to identify the specific

Really, wtf uses the word "whilst" outside of a comic book?

Don't mean to be a troll, since the article almost provides useful information, but come on.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?