Deral Heiland, Research Lead at Rapid7, is disclosing a vulnerability that reveals how a popular home lighting system, Osram Lightify, leaves users vulnerable to attack. A link to the blog post with additional details can be found here.
Specifically, a malicious actor can:
Execute commands to change lighting, and also execute commands to reconfigure the devices
Inject code which could modify the system configuration, exfiltrate or alter stored data, or take control of the product in order to launch browser-based attacks against the authenticated user’s workstation.
Deral commented below.
“As consumer-based IoT solutions find their way into our enterprise networks, we must continue to be diligent. Simple IoT technology solutions, such as lighting automation, can easily be overlooked as a risk. But as shown in my recent IoT research project, even enterprise IoT lighting solutions can suffer from a number of vulnerabilities. If these issues go unchecked, they can lead to increased risk for any organisations that deploy them, such as unauthorised access to a corporate and home network when technology is compromised, and the extraction of data that can further compromise IoT systems, internal networks and authenticated user host systems attached to the IoT solutions.
That does not mean we should avoid leveraging these new automation technologies, but does show that we need to build better policy around managing the risk and develop processes on how to deploy these technologies in a manner that does not add any unnecessary risk.”
New Vulnerability Found By Rapid7 Sheds Light On Smart Home Safety