Hacking Internet Connected Light Bulbs

From the files of “why the fuck are you connecting this to the Internet?!” comes… internet connected light bulbs.

With a built-in mesh network.

The idea behind this is that only one bulb on the network needs access to your WiFi (why would you ever connect LIGHT BULBS to your WiFi?) and then you can control them all using a smartphone app (why would you ever want to control LIGHT BULBS with a SMARTPHONE APP?!).

As it happens the “smart bulb” designers were at least smart enough to encrypt the WiFi password when it passes from bulb to bulb over the mesh network.

Unfortunately they were not so smart and used a “universal” encryption key, which was extracted quickly enough by some hackers.

Leaving aside the head-scratchiness of the idea (evidently there’s enough demand for wireless, smartphone-controlled LED bulbs that they succeeded on Kickstarter — I fear for the future of humanity)…

Well, actually, it’s security-relevant so let’s look at why I consider this and other incarnations of the “Internet of Things” such an abomination. From the “smart bulb” Kickstarter video, “…multicolor LED bulb that’s controlled by your smartphone. Now for the first time, you have total control over your lights.”

Everyone spot the contradiction?

Yeah. No, with your old lights — filament in a mixed-gas atmosphere — you had total control over your lights. Switch down, lights off. Switch up, lights on, every time. If not, go down to the shop to buy a new one, or make your own with a bit of tungsten thread and glassblowing gear.

With these lights, your *SMARTPHONE* and every other device connected to the ENTIRE FUCKING INTERNET has control of your lights.

Are you epileptic? I suggest praying to whatever religious tradition you feel comfortable with that 4chan never, ever, ever finds out you have these installed. Or, that some Bulgarian botnet herder doesn’t decide they’d make a great addition to his criminal infrastructure, or whatever, and mucks up his malware coding.

This is the fundamental contradiction inherent to the “Internet of Things” in all its incarnations. Under the pretense of giving you more control and possibility (“look how cool I am, I can make my room look like a lame knockoff of a nightclub!”) they actually give you… LESS.

You give up a huge chunk of control to the “network,” and the network gives you some percentage back, enough to make it seem like you gained something in the bargain. After all, you weren’t using most of that capability anyway!

(If this sounds familiar, it’s the same argument banks make when they loan out your savings as part of fractional-reserve banking. Same shit, different day. Except here, replace the Rothschilds and Rockefellers with the Zuckerbergs and Nakamotos*.

* Well, Bitcoin is a new species. If the ‘psychopathic corporation’ out only for its own good caused all our problems so far, an autonomous corporation with nobody to keep it in check… by design… is gonna be GREAT!)

http://www.contextis.co.uk/blog/hacking-internet-connected-light-bulbs/

Advertisements
%d bloggers like this: