Smart Bulb Virus infects thousands of devices in minutes

Smart bulbs are good, but they need to be protected from external threats.

Creating botnets from poorly protected IoT devices is becoming an increasingly significant threat. For example, the Mirai software, the source code of which recently hit the network, makes it possible to control IoT devices even for those intruders who have practically no experience with cyber attacks.

Networked systems are becoming more and more, IoT devices include television, cameras, and security systems with thermostats. Protecting such devices from external attacks leaves much to be desired. The results of a new study of information security experts prove the possibility of successful remote attacks on many smart devices used at home and in the office.


Researchers have demonstrated the possibility of attacks against smart lamps Philips Hue. Introduction to the malware system allows a hacker to take control of remote devices into his own hands. The compromised equipment uses the ZigBee wireless communication protocol to further attack, allowing you to create entire networks from hacked devices. More specifically, this is a vulnerability in ZigBee Light Link. Cybersecurity experts managed to extract the AES-CCM key, with which Philips encrypts and protects the firmware of its lamps. Malicious software is transmitted from one device to another through the air, causing "extremely rapid spread of malicious software on neighboring devices in a matter of minutes." Infection of the lamps is really carried out very quickly, and if there are other Hue lamps nearby, they become infected by the chain.
')
In order to infect all smart lamps within a certain region, just one infected “zero patient” will suffice. The cost of the equipment used to attack does not exceed several hundred dollars. This was told by Ayal Ronen (Eyal Ronen), an expert on cyber security from Israel.

To infect smart bulbs, experts organized the download of a malware-update, which was made possible by obtaining the AES-CCM key mentioned above. With it, the light bulb manages to "convince" that the time has come to update the firmware, and the light bulb becomes infected.

You can use already infected devices in different ways. For example, simply control the on and off, disable the device, or form a botnet from the hacked devices. Below is an example of managing many cracked smart lights. Hacking them and then managed to manage with the help of a quadrocopter at a distance of 350 meters. The breaking of light bulbs was carried out at the Israeli CERT office. At the end of the video shows how the light bulbs transmit using the Morse code SOS signal.


Researchers say that such a way to control IoT devices (not just lamps) is quite achievable, and he questions the rosy pictures of the digital future that corporations paint for us. If a sufficiently large number of such devices are combined into a botnet, it will be possible to bring down an incomparable DDoS attack with anything on various network resources.

Proving this is no longer required. The creators of Mirai were able with the help of the army of "zombie devices" were able to a powerful DDoS-attack on the site of information security specialist Brian Krebs. After this, a similar attack was carried out on the European hosting provider OVH. The total power of this attack was 1 Tb / s. And this is not the limit.


In this list, a lamp with a version of “IrradiateHue” is infected with a virus.

With the help of network devices a few weeks ago, attackers managed to organize the disconnection of some regions of the US East Coast from the Internet. And the problem turned out to be just not in IoT-devices, but in their predecessors - DVR-cameras connected to the Network. But there is no problem in adding more modern devices to the cameras, infecting them with malicious software.

As for smart bulbs, Philips announced that the Hue firmware update has already been released with a recommendation for all users to install this update as soon as possible. True, the threat of hacking in Philips is not taken too seriously. "We rated the value of this type of hacking as low, because its use requires specialized software and the presence of a cracker near the lamps," said a spokesman for the company.

The developer, who discovered a vulnerability in the protection of lamps, said that Philips has eliminated only a hole in the protection of the firmware of the device, which opened the possibility of remote boot malware. But there is still the possibility of creating fake malicious firmware updates and the theoretical possibility of downloading this firmware to one of the devices, which then performs the rest of the work on its own.

“We need to work together to get an idea of ​​the reliable ways to protect IoT devices ... or we may face a major attack in the near future that will affect all aspects of our life,” Ronen said.