Published August 14, 2013
In the modern world, everything is online -- and unsafe.
That's the message from researcher Nitesh Dhanjani, who discovered a vulnerability in Philips new line of smartphone-controlled lightbulbs that would allow a hacker to remotely turn them on and off, an action that could have major consequences in hospitals and other public venues, he said.
It’s just one example of the challenges tech companies face in the modern era, where everything from doorknobs to refrigerators is connected and therefore at risk, explained Dan Goodin on Ars Technica.
“They're susceptible to the same kinds of hack attacks that have plagued computer users for decades,” Goodin wrote, a phenomenon known as "the Internet of Things." “[It's] another example of the risks posed by connecting thermostats, door locks, and other everyday devices to the Internet so they can be controlled by someone in the next room or across town.”
“While the so-called Internet of Things phenomenon brings convenience and new capabilities to gadgets, they come at a cost,” he said.
The Philips Hue lightbulbs in question have LED bulbs that can be tuned to any of 16 million colors. The color and on/off status are controlled via an app on an owner’s iPhone or Android-powered smartphone. And through a backdoor in that control software, a hacker can take over the bulb and create a perpetual blackout.
“If the victim manually switches the bulbs off and on, the lights will ﬂicker on for less than half a second and then go off again until the victim recognized and terminates the script,” Dhanjani wrote.
Efforts to explain the problem to Philips fell on deaf ears, the researcher said.
"Image the power of a remote botnet system being able to simultaneously cause a perpetual blackout of millions of consumer lightbulbs," Dhanjani wrote. "As consumer devices permeate homes and offices, this scenario is increasingly likely."