Researchers develop viral attack that could paralyse a city's LED light bulbs

In 2016, researchers at Dalhousie University in Canada and the Weizman Institute of Science in Israel developed a proof-of-concept attack that allowed them to take control of  LED light bulbs from a distance of up to 400 metres by exploiting a flaw in the Zigbee protocol implementation used in the Philips Hue system. Because the same key was used in every bulb, once it had been extracted from one bulb it could be reused on all of them. Writing a new operating system to one of the bulbs enabled that bulb to use its trusted status to infect all the bulbs within reach, eventually spreading the infection throughout an entire city. The result would be to allow the attacker to form the bulbs into a botnet to conduct DDoS attacks or turn all the lights on or off, render them permanently non-functional, or strobe them to cause epileptic seizures. Fixing the problem would require physically replacing every infected lightbulb and waiting for software updates to become available before turning them on again.

Writer: Danielle Correa
Publication: SC UK