Personal conveniences and environmental benefits aside, the Internet of Things is a hackers' paradise.
As the New York Times reports, researchers at Israel's Weizmann Institute of Science and Dalhousie University in Canada recently uncovered a flaw in a wireless technology often used in smart home devices, including Philips Hue smart light bulbs.
The new risk stems from the radio protocol ZigBee, a wireless communications standard widely used in home consumer devices—especially smart light bulbs. Researchers found that the nearly two-decade-old standard can be used to create a computer worm to spread malicious software.
The few lights you have installed in your house are unlikely targets. But imagine a city with thousands of Internet-connected bulbs illuminating neighboring buildings. An attack could "spread explosively over large areas in a kind of nuclear chain reaction," according to the research paper published this week.
Researchers tested their theory in two takeover attack demos, causing lights to flicker at a range of more than 230 feet while driving and from 0.2 miles away via a flying drone.
The scientists notified Philips Lighting of the vulnerability, offering suggestions for a fix; the company has since issued an over-the-air patch.
It remains unclear how many Philips Hue smart light bulbs—which allow users to wirelessly control and personalize their lighting—have been sold and installed internationally. Philips did not immediately respond to a request for comment.
All it takes is a single infected bulb to allow a worm to spread, and within minutes a hacker can turn blocks of lights on or off, permanently brick them, or exploit them in a DDoS attack—like the one that knocked popular Web services offline last month. In that case, the Mirai botnet—which scours the Web for poorly protected IoT-connected devices and enlists them to overwhelm a target with online traffic—ambushed DNS provider Dyn, causing a major outage across the globe.