IoT worm can hack Philips Hue lightbulbs, spread across cities

Researchers have developed a proof-of-concept worm they say can rip through Philips Hue lightbulbs across entire cities – causing the insecure web-connected globes to flick on and off. The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF], exploits hardcoded symmetric …


  1. Anonymous Coward

    ANY i.o.t

    Device should be consigned to the bin, the entire concept is fundamentally flawed...

    1. Charles 9

      Re: ANY i.o.t

      Take it to the logical conclusion; the entire INTERNET is hopelessly flawed and must be replaced. Any ideas?

    2. Voland's right hand Silver badge

      Re: ANY i.o.t

      I beg to differ.

      If it has a known protocol and if it is BEHIND a firewall and talking only to MY GATEWAY - I am all for it.

      I have been fighting with the dishwasher for the best of today. It is having a hissy fit and claiming it has "water issues" which I cannot diagnose properly because I cannot interrogate its damn microcontroller and the codes on the front panel are not sufficiently informative.

      I would have loved it being connected as long as it is not going anywhere outside my network - this would have allowed me to ask which of the 3 sensors in charge of the damn filling is at fault (reed counter for water volume, water fill cut-off or water level) while it is running through its tests. All of it without getting off my desk a couple of floors above it.

      1. Anonymous Coward

        Re: ANY i.o.t

        That assumes the manufacturer has included the option to interrogate it in that way.

        Above being able to turn it on / off remotely, I doubt it.

      2. cybergibbons

        Re: ANY i.o.t

        This isn't enough to isolate you from risk though. If this device is on the same network as your PC or phone, they can attack the device, and the device can attack them.

      3. ~chrisw

        Re: ANY i.o.t

        But you never get that kind of useful raw sensor data in a usable form from IoT washing machines, you just get some lazily designed and barely-updated app offering which shows if the machine is still running or not. Useless.

    3. Anonymous Coward

      Re: ANY i.o.t

      I don't think every I.o.T device is fundamentally flawed.

      A lot of their current implementations are flawed from a security point of view.

      I can see a point of internet enabled monitoring and control of several things in my house.

      Lighting, heating and security all seem pretty useful to me.

      The Philips implementation of shoving the IoT electronics in the lamp seems pretty silly and expensive to me. Also I wouldn't use Zigbee. But putting the IoT electronics in the ceiling rose, if properly done, seems like a good idea to me.

      An internet enabled fridge or freezer that tells me it's getting too hot is useful if it stops me throwing lots of food away. Although I have never seen the point ( or how it is sensibly achievable ) of a fridge that would automatically order food and drink so it can be restocked. I ( well my wife ;) ) want to be in charge of food purchases, not some flippin' fridge.

      A cooker, clothes-iron or other fire risk item that could tell me remotely it's still switched on could be useful. I don't know how many times I've wondered if something has been left switched on when I have left my house. Maybe I'm a bit OCD, and should get help ;) I guess I could just check manually ...

      I really don't see the great advantage of the NEST single thermostat controlling an entire house's heating, but individually controlled rooms with different temperatures set looks useful to me. Especially if some rooms can be left at a low just-above-freezing temperature because the normal occupants of the room aren't in the house. The Honeywell EVO home looks useful, but way too expensive.

      IoT toasters, kettles well they really are pointless.

      Of course all these things need to be done securely, especially if home security systems are included.

      Currently way too many IoT things seem to be insecure.

      Along with the cost, this is what stops me from currently bothering ...

      1. ZippedyDooDah

        Re: ANY i.o.t

        "An internet enabled fridge or freezer that tells me its getting too hot is useful if it stops me throwing lots of food away".

        More than 27 years ago I bought a freezer that made a loud beeping noise if it got too warm. I believe it utilised a revolutionary device called a "thermostat".

        1. ~chrisw

          Re: ANY i.o.t

          My fridge has a device-agnostic sensor which has many configuration options for measuring different zones. It's called a fridge thermometer and it cost about £4.

  2. Neil Barnes Silver badge
    Holmes

    I wonder...

    if it's too late to patent the mechanical light switch?

    1. Pen-y-gors

      Re: I wonder...

      Not in the US - 'prior art' is no more than 'blah blah blah' to the Patent Office examiners.

    2. Thought About IT

      Re: I wonder...

      You could probably get away with it, if you gave it rounded corners.

  3. Richard Jones 1

    Idiotic

    The acronym was wrong from the start, it is not IOT but the Internet Direct Integration of Threats Including Chaos, or IDIOTIC. It adds next to nothing and takes away as much as it can.

  4. Captain DaFt

    Headline from another article:

    "IoT is more than vapourware, insists GSMA"

    I agree; It's also a menace and a disaster!

  5. Steve Davies 3 Silver badge
    FAIL

    Hands up who is still a fan of IoT?

    Come on now, don't be shy. In the words of Delia,

    Let's be having you.

    To be honest, this is just another can in the supermarket sized can of worms that IoT is these days.

    A Marketing answer to a question that has not been asked or if it has, it has not been properly considered in any way shape or form before the implementation.

    IMHO, all IoT and I mean ALL should come with at very least, a health warning. At best, they should be removed from sale ASAP and all current owners told to disconnect them from the internet NOW.

    Naturally, this won't happen so we will see this type of vulnerability demonstrated more and more.

    Eventually, a botnet will be constructed that could threaten the whole internet. Not just DDOSing a few targets but the whole thing. Then where would we be eh?

    Perhaps it might be a good thing. Because the sudden inability of the Millennials to listen to their latest bit of (c)RAP or R&B (Not proper R&B in my eyes but that is another debate entirely) that they would normally stream (stupid idea IMHO) might spur some reaction.

    As a boring old fart/old fogey/IT Dinosaur (who still has the punched card stack for his first program), I will do my bit and not even purchase anything that is IoT enabled.

    I wonder what Donald will make of this when all the .gov sites are taken down.

    Perhaps it will be 'build another golf course and hotel complex'? {joking}

    1. Dan 55 Silver badge

      Re: Hands up who is still a fan of IoT?

      As a curmudgeon, may I be the first to say... I told you so.

      Following the infinite monkeys theory it had to happen sometime.

    2. Anonymous Coward

      Re: Hands up who is still a fan of IoT?

      "As a boring old fart/old fogey/IT Dinosaur (who still has the punched card stack for his first program), I will do my bit and not even purchase anything that is IoT enabled."

      So what happens WHEN (not IF) EVERY lightbulb on the market is "smart," candles are nowhere to be found and they ban lamp oil as a fire risk?

      1. Steve Davies 3 Silver badge

        Re: Hands up who is still a fan of IoT?

        To answer your question about what happens when all lightbulbs are 'smart'.

        I will just pull up the drawbridge, disconnect the WiFi. No WiFi, then no Internet connection for those so called 'smart' but actually dumb devices. I will also make sure that I buy up bulbs that are not smart before they go off sale.

        Remember that if your lightbulb can be connected to the internet, how difficult would it be to add a Microphone and ... you can get the rest. Think of all those hours of Nooky that the FBI will have to listen to before they hear the words 'F*** Trump'...

        As my 'Leccy' is supplied overhead, I have a good supply of Candles and a generator. We lost power for 7 days in the great storm a few decades ago.

        1. Charles 9

          Re: Hands up who is still a fan of IoT?

          Even if you disconnect YOUR WiFi, what's to stop someone else setting up one from outside your premises that your devices can nonetheless reach, and indeed they may be able or even REQUIRED to do so as a Whispernet, which you'd have no ability to turn off unless you'd like to live TEMPEST-style with no windows.

          1. Anonymous Coward

            Re: Hands up who is still a fan of IoT?

            IoT devices could be hardwired, then they wouldn't need wifi.

            Although some people have a pathological fear of cat-5 cabling and alarm-signal cables.

            As an ex-electrician, amateur electronics tinkerer, professional computer programmer I get hours of enjoyment running cat-5 and alarm-6-core-signal cables everywhere around my house. I do realise I'm a bit odd in this respect, but my home-brew IoT will not be susceptible to Wifi attacks. ( although the mice might chew through the cables )

            My wife might leave me over all the money I've wasted on cat-5 and other cabling, but that's another issue ...

          2. toughluck

            Re: Hands up who is still a fan of IoT?

            Even if you disconnect YOUR WiFi, what's to stop someone else setting up one from outside your premises that your devices can nonetheless reach, and indeed they may be able or even REQUIRED to do so as a Whispernet, which you'd have no ability to turn off unless you'd like to live TEMPEST-style with no windows.

            I'd open up the bulb and cut the antenna. Not possible to open it up? High enough induction current will fry it anyway. Plus the added bonus of returning it just before warranty expires -- can't open it up, can't prove I did anything nasty.

        2. toughluck

          @Steve Davies 3

          Think of all those hours of Nooky that the FBI will have to listen to before they hear the words 'F*** Trump'...

          Man, that's a really disturbing fetish. Did you try seeing a professional psychiatrist? There may still be some hope for you...

      2. Loud Speaker

        Re: Hands up who is still a fan of IoT?

        So what happens WHEN (not IF) EVERY lightbulb on the market is "smart," candles are nowhere to be found and they ban lamp oil as a fire risk?

        You have obviously not been to a 3rd world country (where nothing works properly, even without the aid of the Internet): People learn to ignore the problems, and just get things done.

      3. ~chrisw

        Re: Hands up who is still a fan of IoT?

        It's surprisingly easy to disconnect an antenna or even just pop off a surface mount component to cripple the Tat component. Think of it like a beneficial lobotomy.

    3. Anonymous Coward

      Re: Hands up who is still a fan of IoT?

      What will Donald do when all the .gov sites are taken down ...

      I guess he'll want to build a IoT firewall and get the IoT industry to pay for it.

      Although he really will not have any idea what it is or if it is achievable, so then he'll just unleash the rednecks in a modern day luddite revolution to destroy all the IoT devices in the US at least.

      I'm not wishing this, just saying ...

  6. Frenchie Lad

    Solves Philips's Obsolescence Needs

    IMHO this is an attempt by Philips to persuade their punters that a Mk II, whenever it comes, needs to be bought to replace the current Hue.

    Think of the profits, sell it, hack it, sell next version, hack it........

    1. Anonymous Coward

      Re: Solves Philips's Obsolescence Needs

      No need, they updated the firmware on the base to lock out other vendors, but then had to back down...

      http://www.theregister.co.uk/2015/12/17/philips_firmware_that_adds_drm_to_light/

      Welcome to the brave new world.

  7. Anonymous Coward

    French Engineering

    Say no more...

    1. Anonymous Coward

      Re: French Engineering

      Yes, that well-known French company Philips... Probably best that you do say no more if that's the extent of your knowledge.

      1. Pen-y-gors

        Re: French Engineering

        To be fair, Philips do have an office in Brussels, so presumably they have some French-speaking staff.

        1. Uffish

          Re: French Speaking Philips

          Brussels is bilingual (French and Dutch) so they wouldn't need to.

      2. Dan 55 Silver badge

        Re: French Engineering

        I thought Philips was now just a hollowed-out trade mark that they stuck on Chinese tat anyway.

        1. Mage Silver badge

          Re: hollowed-out trade mark

          They only really do lights and healthcare. The Philips badge for TVs and AV is licensed to two Asian companies, so less connection to that stuff than Argos has to Bush (Argos decide which Chinese/Turkish stuff to stick the Bush badge on).

          Semiconductors spun off as NXP and now getting extinguished for the IP by Qualcomm, I mean bought.

          No idea who does the kitchen stuff that used to be Philips, the tumble driers, fridge, freezer, washing machine.

          In 1926 they only made light bulbs and diversified into Valves (tubes) then Radio. They were once the largest Consumer Electronics in Europe.

          1. NightFox
            Coat

            Re: hollowed-out trade mark

            They still make those nice screwdrivers that you can open paint tins with though

          2. Loud Speaker

            Re: hollowed-out trade mark

            They were once the largest Consumer Electronics in Europe.

            That was before the MBA was invented.

          3. Phil O'Sophical Silver badge

            Re: hollowed-out trade mark

            No idea who does the kitchen stuff that used to be Philips, the tumble driers, fridge, freezer, washing machine.

            All sold to Whirlpool many years ago.

        2. Anonymous Coward

          Re: French Engineering

          Nearly all B&O is Philips technology.

          Another success of form over function.

      3. Atilla_the_bun

        Re: French Engineering

        Umm, my understanding was that Philips was Dutch. Maybe they sold the brand to a French co.?

  8. Pen-y-gors

    Serious penalties needed

    Whilst there are currently an awful lot of people who deserve some serious punishment <remoan>(including 52% of the UK voting population)</remoan>, possibly the stocks, pillory, branding irons, the whole mediaeval thing, really the people at the front of the queue should be the spam-for-brains idiots who get away with 'designing' these IoThingies. There is more to industrial design than 'Alright, Mr. Wiseguy ... if you're so clever, you tell us what colour it should be."

  9. FredBloggs61

    "enabling the attacker to turn all the city lights"

    Hmm.. ALL the city lights?

    1. Destroy All Monsters Silver badge

      ALL of them!

      MWAHAHAHAHAH! (Evil Thunder!!)

    2. Dan 55 Silver badge

      Philips would love to sell this tat to an entire city, or at least one bulb per 400m. Thankfully it ain't going to happen.

  10. frank ly

    A total WTF moment

    Patching a lightbulb to fix a security vulnerability.

    1. Rich 11

      Re: A total WTF moment

      Which brings to mind the image of sticking plaster on a sickly red lightbulb.

  11. Sam Jelfs

    Not just Philips...

    It's worth noting the authors write in their conclusion that "The main problem is in the insecure design of the ZLL [ZigBee Light Link] standard itself". Yes, the attack was possible due to a leaked key in the Philips implementation, but the underlying standard is poor to start with, and there are some 1000+ ZigBee certified devices on the market from various makers.

  12. Anonymous Coward
    FAIL

    Cue another over hyped exploit....

    ...it can spread across a whole city*

    *Provided you have clear space of less than 400m between each niche product.

    1. Uffish

      Re: Cue another over hyped exploit....

      There is only one way to find out - please, very very pretty puleeeeze !

  13. Steve Crook

    Trump/Brexit angle.

    No doubt this worm has been in the wild for some time. Coded messages flashed into the brains of voters compelling them to go and vote 'the wrong way'. All very Manchurian Candidate, anyone fancy a game of cards?

    1. Destroy All Monsters Silver badge

      Re: Trump/Brexit angle.

      ENOUGH!

  14. AIBailey
    Stop

    When you have to release a patch to make a lightbulb more secure...

    ... then you really have reached the point where IoT proves it really is nothing more than a solution looking for a problem.

    The icon is for all the Internet of Tat manufacturers out there.
