Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Data Leakage

// // //
8/29/2018
09:05 AM
Larry Loeb
Larry Loeb
Larry Loeb

Data Leaks Via Smart Light Bulbs? Believe It

Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.

There are times when a threat model does not allow for unusual enabling devices, but a smart light bulb is not thought of as being one of them.

But two researchers from the University of Texas at San Antonio have shown that it is possible to exfiltrate information from an air-gapped system through their use.

There are some assumptions made in this work.

First, they assume the bulb (like a LIFX or a Phillips Hue) has a multimedia-visualization function enabled that is intended for use in conjunction with a song or video playing on a nearby media player. The intended result is a a vibrant lighting effect that synchronizes with the tones present in the audio or the dominant colors in the video stream, respectively.

This is what used to be called a "color organ" back in the day.

Comfreak via Pixabay
Comfreak via Pixabay

They found that audio-visualizing applications (which are separate from the bulb and use an on-device microphone) will transmit approximately 10 packets to the bulb per second, and video-visualizing applications transmit approximately 1 packet per second. Communication in the case of the LIFX bulbs happens with an 802.11 access point, whereas the Phillips Hue bulb employs 802.15.4 (Zigbee) protocol to communicate with the mobile app.

If the bulb also has an infrared capability (like the LIFX+), they show how it can be used to create a covert channel that can exfiltrate a user's private data out of his/her secured personal device or the network to which it is assumed to be connected. (The adversary is assumed to have infrared sensing capability, of course.)

For infrared exfiltration, the adversary also needs to insert some kind of malware which encodes private data from the target device and then feeds it to the smart light bulbs. This is a non-trivial part of the exploit that is assumed to be operational in order to get any actual exfiltration of data happening. Design of this software is left as an exercise for the reader.

Both indoor and outdoor receptors with optical lenses were used by the researchers to test the feasibility of the exploits. Indoor receptors gave more correct results, but acceptable results were seen even with the higher error rates of outdoor sensors.

Information exfiltration attacks on air-gapped systems by employing visible-light LED indicators have previously been shown.

But as the researchers state, "infrared-enabled smart lights can act as a superior data exfiltration gateway because (a) they have fine-grained control of brightness/intensity, which can be used to design communication protocols that achieve higher throughput, (b) they are brighter than LED indicators found on computers and routers, increasing the possibility of data reconstruction from a longer distance, and (c) the adversary does not have to surreptitiously place any additional malicious hardware in the target area (i.e., in addition to the smart light already installed by the user)."

So, the takeaway from all of this is simple. A smart bulb can be a data leak. It's a ubiquitous device that has to be considered when security models are developed.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-39044
PUBLISHED: 2022-12-07
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and ea...
CVE-2022-40966
PUBLISHED: 2022-12-07
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN fir...
CVE-2022-42458
PUBLISHED: 2022-12-07
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
CVE-2022-45910
PUBLISHED: 2022-12-07
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) durin...
CVE-2022-34840
PUBLISHED: 2022-12-07
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600...