Skip to Content

Smart Lightbulbs Could Plunge the Internet Into Darkness

A new study shows how connected devices could be hijacked to perform ferocious digital attacks.
November 3, 2016

Commandeering Internet-connected devices is an increasingly popular pastime for hackers. Now researchers have shown that it’s not just aged devices that can be corralled by criminals.

A new study shows that it is possible to remotely hack modern smart-home hardware. The technique, demonstrated on Philips Hue smart lamps, injects a software worm that allows the researchers to control the device.

The compromised hardware uses a low-power wireless system called ZigBee to create its own networks. The researchers say that it’s possible for the worm to propagate from one device to another via these connections, causing it to “catastrophically spread everywhere within minutes,” in a kind of chain reaction.

The researchers explain that the approach can be used to turn devices “on or off, permanently brick them, or exploit them in a massive DDoS [distributed denial of service] attack.” To demonstrate the hack, the team flew a drone alongside a building and controlled a series of smart bulbs remotely.

These flickering lights are being controlled by a drone flying alongside the building.

It’s a discomforting view of the future. If enough devices are brought together in this way, they could be used to cause serious damage to the Internet.

Indeed, the threat of applying such a hack to enable a DDoS attack, where devices are appropriated by hackers and used to overwhelm servers with data requests, is timely. There have been several recent instances of Internet-connected devices being used as slaves to take down Internet services using the approach.

The most serious of those saw a widespread Internet outage hit the East Coast of the U.S. While those attacks were blamed on the Internet of things, it has been suggested that it was older devices that were used to carry out the attacks. This research demonstrates that it may be possible to add more modern devices to the ranks of zombie hardware used by hackers.

As we’ve pointed out before, some security experts, such as Bruce Schneier, are concerned that hackers are developing ever-more sophisticated DDoS attacks that could take down the Internet more severely than ever before. It looks like there could be more tools available to achieve that than we might like.

(Read more: IoT Goes Nuclear, New York Times, “The Internet of Things Goes Rogue,” “Massive Internet Outage Could Be a Sign of Things to Come,” “How the Internet of Things Took Down the Internet”)

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.