Why Light Bulbs May Be the Next Hacker Target

["Dave Farber" <dave () farber net>]

---------- Forwarded message ----------
From: *Hendricks Dewayne* <dewayne () warpspeed com>
Date: Friday, November 4, 2016
Subject: [Dewayne-Net] Why Light Bulbs May Be the Next Hacker Target
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>


[Note:  This item comes from friend Steve Goldstein.  DLH]

Why Light Bulbs May Be the Next Hacker Target
By JOHN MARKOFF
Nov 3 2016
<http://www.nytimes.com/2016/11/03/technology/why-light-
bulbs-may-be-the-next-hacker-target.html>

SAN FRANCISCO — The so-called Internet of Things, its proponents argue,
offers many benefits: energy efficiency, technology so convenient it can
anticipate what you want, even reduced congestion on the roads.

Now here’s the bad news: Putting a bunch of wirelessly connected devices in
one area could prove irresistible to hackers. And it could allow them to
spread malicious code through the air, like a flu virus on an airplane.

Researchers report in a paper to be made public on Thursday that they have
uncovered a flaw in a wireless technology that is often included in smart
home devices like lights, switches, locks, thermostats and many of the
components of the much-ballyhooed “smart home” of the future.

The researchers focused on the Philips Hue smart light bulb and found that
the wireless flaw could allow hackers to take control of the light bulbs,
according to researchers at the Weizmann Institute of Science near Tel Aviv
and Dalhousie University in Halifax, Canada.

That may not sound like a big deal. But imagine thousands or even hundreds
of thousands of internet-connected devices in close proximity. Malware
created by hackers could be spread like a pathogen among the devices by
compromising just one of them.

And they wouldn’t have to have direct access to the devices to infect them:
The researchers were able to spread infection in a network inside a
building by driving a car 229 feet away.

Just two weeks ago, hackers briefly denied access to whole chunks of the
internet by creating a flood of traffic that overwhelmed the servers of a
New Hampshire company called Dyn, which helps manage key components of the
internet.

Security experts say they believe the hackers found the horsepower
necessary for their attack by taking control of a range of
internet-connected devices, but the hackers did not use the method detailed
in the report being made public Thursday. One Chinese wireless camera
manufacturer said weak passwords on some of its products were partly to
blame for the attack.

Though it was not the first time hackers used the Internet of Things to
power an attack, the scale of the effort against Dyn was a revelation to
people who didn’t realize that having internet-connected things knitted
into daily life would come with new risks.

“Even the best internet defense technologies would not stop such an
attack,” said Adi Shamir, a widely respected cryptographer who helped
pioneer modern encryption methods and is one of the authors of the report.

The new risk comes from a little-known radio protocol called ZigBee.
Created in the 1990s, ZigBee is a wireless standard widely used in home
consumer devices. While it is supposed to be secure, it hasn’t been held up
to the scrutiny of other security methods used around the internet.

The researchers found that the ZigBee standard can be used to create a
so-called computer worm to spread malicious software among
internet-connected devices.

[snip]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20161105064820:5BD8053C-A345-11E6-8756-5E23F010038B
Powered by Listbox: http://www.listbox.com