Smart light bulbs may be the next big IoT attack vector and researchers have now created a proof-of-concept worm that can be used to spread across smart light bulbs, potentially infecting an entire network and opening them up to exploitation. IT security experts from the prpl Foundation and AlienVault commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“Zigbee was never intended to be a secure wireless technology, at least by current standards. The ability to remotely hijack a large number of electric loads (i.e. light bulbs) represents a real safety concern – due to the impact this kind of attack can have on the electrical grid. However, Zigbee attacks are unlikely to result in DDOS attacks against Internet targets – such as seen with Mirai – as Zigbee devices don’t connect directly to the Internet and, in any case, have very limited bandwidth or the ability to create Internet disruption.”
Javvad Malik, Security Advocate at AlienVault:
“When it comes to Internet connected devices there are three primary attack cases:
- Using IoT devices to attack
- Attacking IoT devices themselves3
- . Leveraging IoT devices to leak sensitive information.
The botnet attack a couple of weeks ago was a prime example of 1.
This research is a prime example of 2 whereby the devices themselves (bulbs) are the target.
Like the botnet, the viability and the impact of such attacks should not be underestimated. IoT devices are typically woefully inadequate to defend against direct attacks, and few companies actively monitor IoT device status or traffic.
While there are many benefits to IoT devices, they need to be recognised as valuable assets and the right level of security built around them.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…