When strangers can control our lights

September 04, 2017

Smart home products such as lamps controlled via mobile devices are becoming ever more popular in private households. We would, however, feel vulnerable in our own four walls if strangers suddenly started switching the lights in our homes on and off. Researchers at the IT Security Infrastructures group, Friedrich-Alexander University Erlangen-Nürnberg (FAU) have discovered security problems of this nature in smart lights manufactured by GE, IKEA, Philips and Osram.

Philipp Morgner and Zinaida Benenson's team managed to make connected lighting systems of different manufacturers flash for several hours with a single radio command sent from a distance of more than 100 metres away. Additionally, they were able to modify the bulbs using radio commands so that the user was unable to control them. It was even possible in certain situations change the colour or brightness of the light.

Inadequate security features

The FAU researchers discovered the security weaknesses in ZigBee, an important wireless standard employed for the control of smart home products. More than 100 million products that use ZigBee technology are estimated to have been distributed around the world. The most recent version, ZigBee 3.0, was released in December 2016. Part of this specification includes the touchlink commissioning procedure for adding new devices to an existing smart home network or to set up a new network. The team was able to demonstrate that the security features of touchlink commissioning are inadequate and make it vulnerable to attack. It is probable that other applications based on ZigBee that are relevant to security, such as heating systems, door locks and alarm systems, will also be affected in the future.

Manufacturers react to security risk

The research team recommended disabling touchlink commissioning in all future ZigBee 3.0 products. Some manufacturers have already reacted and made an update available to customers that significantly reduces the risk of an attack. The latest information is published on the following website: www1.informatik.uni-erlangen.de/content/zigbee-security-research

The IT Security Infrastructures group focuses on IT security in the context of the Internet of Things. The researcher's findings show that most manufacturers consider security issues to be less important than functionality and compatibility requirements. That is why the team has decided to identify vulnerabilities to motivate manufacturers to develop better security measures.
-end-


University of Erlangen-Nuremberg

Related Mobile Devices Articles from Brightsurf:

How mobile apps grab our attention
Aalto University researchers alongside international collaborators have done the first empirical study on how users pay visual attention to mobile app designs.

No association found between exposure to mobile devices and brain volume alterations in adolescents
New study of 2,500 Dutch children is the first to explore the relationship between brain volume and different doses of radiofrequency electromagnetic fields

Mobile devices blur work and personal privacy raising cyber risks, says QUT researcher
Organisations aren't moving quickly enough on cyber security threats linked to the drive toward using personal mobile devices in the workplace, warns a QUT privacy researcher.

Multi-mobile (M2) computing system makes android & iOS apps sharable on multiple devices
Computer scientists at Columbia Engineering have developed a new computing system that enables current, unmodified mobile apps to combine and share multiple devices, including cameras, displays, speakers, microphones, sensors, and GPS, across multiple smartphones and tablets.

The use of mobile phone and the development of new pathologies
Professor Raquel Cantero of the University of Malaga (UMA) has identified a generational change in the use of this finger due to the influence of new technologies.

Mobile devices don't reduce shared family time, study finds
The first study of the impact of digital mobile devices on different aspects of family time in the UK has found that children are spending more time at home with their parents rather than less -- but not in shared activities such as watching TV and eating.

Mobile, instant diagnosis of viruses
In a first for plant virology, a team from CIRAD recently used nanopore technology to sequence the entire genomes of two yam RNA viruses.

Wearable devices and mobile health technology: one step towards better health
With increasing efforts being made to address the current global obesity epidemic, wearable devices and mobile health ('mHealth') technology have emerged as promising tools for promoting physical activity.

Mobile health devices diagnose hidden heart condition in at-risk populations
New research shows wearable mobile health devices improved the rate of diagnosis of a dangerous heart condition called atrial fibrillation.

Ultrasound-firewall for mobile phones
Mobile phones and tablets through so-called audio tracking, can be used by means of ultrasound to unnoticeably track the behaviour of their users: for example, viewing certain videos or staying in specific rooms and places.

Read More: Mobile Devices News and Mobile Devices Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.