Unwanted lighting control feature


(Mark B) #1

If there ever was a plea for providing built-in safeguards for SmartThing tie-ins to deter hacking ( a Hue lighting system in this particular case) this video might provide some inspiration …


(Chrisb) #2

Interesting. Honestly it seems/appears that the attacker would have to have root access to the computer involved here, which means he or she probably is already able to do other bad things to the individual. But it certainly does drive home that as the IOT’s moves from computers to things it does open more avenues for danger and trouble.

ST needs to stay on top of security. It’s not just my lights they’ll be able to mess with… they could easily open my side door or my garages as well.

And while I’ll maintain that someone who’s intent on robbing my house can find much easier ways to gain access rather than trying to hack into SmartThings system, identify my setup, get into it and unlock my door, a “prankster” might open my garage doors just to “mess with people.” Now I become a victim of opportunity. A potential thief walking down the street sees and open garage and could slip in and out with something of mine in a heart beat.


(Mark B) #3

Sounds perfectly reasonable to believe there will be “opportunity” for the developer community to create safeguards to counter the hacks of pranksters seeking to compromise one’s IOT set-up.

The guy who provided that video sure seems to be a deep thinker on that topic.
Check out his (46 page!) whitepaper aptly named: Hacking Lightbulbs: Security Evaluation of the Philips hue Personal Wireless Lighting System. He even shows code examples.

http://www.dhanjani.com/docs/Hacking%20Lighbulbs%20Hue%20Dhanjani%202013.pdf


(Justin Novack) #4

This is a completely targeted attack and just plain old FUD. First off, who the hell still allows Java to run in their home browser?? Java has an exploit WEEKLY.