Commandeering Internet-connected devices is an increasingly popular pastime for hackers. Now researchers have shown that it’s not just aged devices that can be corralled by criminals.
A new study shows that it is possible to remotely hack modern smart-home hardware. The technique, demonstrated on Philips Hue smart lamps, injects a software worm that allows the researchers to control the device.
Advertisement
The compromised hardware uses a low-power wireless system called ZigBee to create its own networks. The researchers say that it’s possible for the worm to propagate from one device to another via these connections, causing it to “catastrophically spread everywhere within minutes,” in a kind of chain reaction.
This story is only available to subscribers.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.
The researchers explain that the approach can be used to turn devices “on or off, permanently brick them, or exploit them in a massive DDoS [distributed denial of service] attack.” To demonstrate the hack, the team flew a drone alongside a building and controlled a series of smart bulbs remotely.
These flickering lights are being controlled by a drone flying alongside the building.
It’s a discomforting view of the future. If enough devices are brought together in this way, they could be used to cause serious damage to the Internet.
Indeed, the threat of applying such a hack to enable a DDoS attack, where devices are appropriated by hackers and used to overwhelm servers with data requests, is timely. There have been several recent instances of Internet-connected devices being used as slaves to take down Internet services using the approach.
As we’ve pointed out before, some security experts, such as Bruce Schneier, are concerned that hackers are developing ever-more sophisticated DDoS attacks that could take down the Internet more severely than ever before. It looks like there could be more tools available to achieve that than we might like.
