The problem of connected lighting
Security experts have been constantly trying to demonstrate the vulnerabilities that businesses face in unre measurements of connected objects.
These devices can allow hackers to attack them, through vulnerabilities that have always been proven.
This article will also interest you: How to secure connected objects in business?
Connected light bulbs are no exception to the problem. Being also connected objects, with other tools used constantly in infrastructure, its tools when they have a lot of features related to their design. These include energy savings, centralized piloting and adjustments to the conditions real-time work. Despite the many advantages that these devices proposals, it should not be overlooked, however, that the dangerous nature of the computer security plan. It is no secret that anyone is. their security vulnerabilities are remotely exploitable, can put worse and the company's information system.
The computer security company, Checkpoint, has conducted studies of potential vulnerabilities in light bulbs connected when they are affiliated with a corporate network or in the computer system of a local authority, for example. This test falls given the magnitude that these tools are beginning to take, with their massive deployment for a few months now. Connected light bulbs used for this test were Philips hues. One of the first technologies of its kind marketed to the general public.Several vulnerabilities have been uncovered one day, security vulnerabilities which was easily exploitable remotely.
Checkpoint researchers discovered the vulnerability precisely in the ZigBee wireless protocol. A protocol used in the control of several connected objects. The flaw discovered by specialists has been in existence since 2017. It then allowed them to take control of one of Philips' bulbs to install a micro malware. Then through this feat, spread it to other connected bulbs nearby. They even managed to attack the controller of connected bulbs, opening the door to the company's computer system. Yaniv Balmas, head of research at Check Point Research, said: "Many of us are aware that connected objects can pose a security risk, but this study demonstrates how even the most mundane, seemingly "passive" devices such as light bulbs can be exploited by hackers and used to take control of networks or install malware. (…) It is essential that businesses and individuals protect themselves from these potential attacks by updating their devices with the latest patches, and separating them from other devices in their networks to limit the spread of possible malware. (…) We cannot afford to neglect the security of everything connected to our networks. ».
As a result, the manufacturer of connected light bulbs put cause, Philips fixed the security flaw. He even assures that the newer bulbs have been stripped of this vulnerability. But this feat by Checkpoint's specialists has highlighted the fact that the security system implanted in these connected devices is not yet fully mastered despite the fact that they have been around for a long time. What is of course makes them ideal for potential computer attacks. This is precisely why Infoblox's EMEA Technical Director, Malcolm Murphy, said: "Personal connected devices are easily detected by cyber criminals, they are a weak entry point into the network and represent a serious risk to the security of the organization. Without a comprehensive view of the security policies of devices connected to their network, IT teams are fighting a losing battle to ensure the security of the ever-expanding network perimeter. ».
Now access an unlimited number of passwords: