Hacking connected lightbulbs to breach Air-Gapped networks

Two of security researchers have shown how hackers can target connected lightbulbs to exfiltrate sensitive data from Air-Gapped networks.

Two of security researchers from the Weizmann Institute have shown how hackers can target connected lightbulbs to steal sensitive data from Air-Gapped networks.

The two researchers are Adi Shamir, the popular co-inventor of the RSA algorithm, and PHD student Eyal Ronen.

The experts highlighted that for both devices, the communications between the controllers and the lightbulbs were not encrypted allowing them to analyze communication protocol.

The hacking technique relies on modulate light pulses in two commercial bulbs, a Philips Hue and a LimitlessLED, to transfer data up to 100 meters away.

If the attackers are able to access the network hosting connected lightbulbs they can hack into them exploiting the lack of authentication and generate light signals that are unobservable to the human eye.

“All they needed was to subtly modulate light pulses in two bulbs on the market to convey data to a telescope up to 100 meters away, or have them create a strobe effect to bring on seizures. Both attacks were possible because authentication on the lightbulbs – a Philips Hue and a LimitlessLED – were found wanting, allowing anyone who could locate the devices to send commands.” wrote Thomas Fox-Brewster on Forbes.

The two experts presented their work at the IEEE Privacy and Security Symposium in Germany last week. In the case of the LimitlessLED, hackers that successfully access them can sniff the traffic and syphon an unencrypted Wi-Fi password used to connect to the bulb.

The Philips Hue lightbulbs are not affected by security bugs, but anyway hackers can exploit their abilities to manage the intensity of the light with 256 brightness levels.

The hardware used to carry out the attack is composed of a laptop, a TAOS TC3200 Color light-to-frequency converter, an Arduino tiny computer and a telescope, the overall cost of the equipment is less than $1,000.

The experts deployed a controller, connected to a PC running a malware, where the lightbulb was installed.

A telescope focused on the bulb was used to capture the rises and falls in the frequency of the light emitted from the lightbulbs and turn them to the Arduino.

The laptop is used to process bulk information gathered from the Arduino, the researchers explained their technique could allow to leak more than 10KB per day  through the connected lightbulbs.

The technique could be effective to exfiltrate private encryption keys and passwords from an “air-gapped” network.

The experts also highlighted that hackers can control the light intensity to “create strobes in the most sensitive frequencies,” creating a shocking effect.

“Such an attack could be directed at hospitals, schools and other public buildings using connected LEDs,” the paper read.

The research conducted by the experts confirms the necessity of a “security by design” approach for all the devices belonging to the Internet of Things.

“I think it’s a very big problem, not just with the specific attack we’ve shown with the lights. We should speak about how we do security in IoT,” Ronen said to Forbes. “The main issue [in the lightbulbs] is that there are not enough security measures.” 

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – connected lightbulbs, hacking)