Botnets and Smart-houses: Attack on Philip’s Hue Bulbs

15

October

2017

No ratings yet.

What is a botnet?

It is a collection of devices which are all connected to the internet, where each one is running one or more bots (autonomous program). These include any type of device that can be controlled by malware. Most of the time, the owners of these devices do not know that their devices are infected.

But why is this topic becoming more important? With more variety and cheaper devices becoming a part of ‘the internet of things’, there is a larger pool of devices which can be infected. Since many of these devices have very little security, they are easily infected and large networks are quickly made.

So, what can the hackers do with these botnets? They can take down websites with large DDoS attacks (you may have experienced these playing online games), that take down the servers by flooding their bandwidth using botnets. Secondly, they can commit click fraud, where advertisers online are led to believe people are clicking their ads. This could ultimately destroy the internet advertising model. Furthermore, they can use these their botnet network to mine bitcoins (and earn a considerable amount of money doing so).

However, another type of attack is equally frightening. The smart-LED-light system from Philips, the Philips Hue is just as vulnerable to attacks as any other device connected to the internet. These Hue lights allow the user to control their lights via the internet, with a lot of different functions. With more people adopting these type of technologies (myself included) large scale attacks can have serious effects.

Researchers from Canada were able to remotely hack hue bulbs from a distance of 70 meters using botnets, allowing them to control them. Not only is this something you obviously do not want as a consumer, but it can seriously damage an electrical grid of a densely populated area. This was all done with equipment only costing a few hundred dollars. Although the researchers worked together with Philips to improve their system, similar attacks may follow.

The Hue lights are only one aspect of a smart house. When more devices are added to your house for convenience, a hack can do a lot more damage. As a consumer who enjoys these technologies a lot, I am left to trust these large companies to improve their software to keep me protected. But to what extent can these technologies put me at risk? Are you willing to trade the risk of being hacked for the reward of  “super cool lights”?

https://www.technologyreview.com/s/603500/10-breakthrough-technologies-2017-botnets-of-things/

https://www.cnet.com/news/new-study-details-a-security-flaw-with-philips-hue-smart-bulbs/

Please rate this

Is the internet of things destroying the internet?

23

October

2016

No ratings yet.

With the rise of the internet of things, the internet and its advantages as well as dangers have become much more integrated with our devices. This also creates an opportunity for hackers to launch cyberattacks targeted to those connected devices. Due to the inherent properties of software, the internet of things can never be 100% secure.

Lately a botnet has been created out of a large array of cameras and other devices that fit into the internet of things. This so-called Mirai botnet consist of more than half a million nodes. The targets of this botnet and the consequences are not small with recently reported DDoS attacks to Dyn’s Domain Name System management services (DNS) infrastructure, resulting in outages of websites such as Twitter, Spotify and Reddit. It is estimated that just around 10% of the nodes of the botnet were used for this attack.

Examples of Internet of Things devices that are used in this Mirai botnet are for example security cameras. Ironically, many of those cameras cannot be easily updated to increase their data security. The amount of devices that can be used for such a bonnet is ever increasing. As it is impossible to control for the security of all software that is put on internet of things devices, the problem is only likely to become worse.

After a hacker put the source code to this botnet online on a hacking forum, more DDoS attacks were predicted by CERT, the US Computer Emergency Readiness Team. Given that the source code was published before the outages of e.g. Spotify and Twitter, this is also what happened.

What do you think about the future of this development? If software (or accompanying hardware) can never be 100% secure and the amount of connect devices increases how secure is the future even? Apart from DDoS attacks, how about all the internet connected sensors of these connected devices and its effect of the inherent properties of software on security and privacy? Let me know what you think!

 

https://motherboard.vice.com/tag/The+Internet+of+Hackable+Things

https://motherboard.vice.com/read/criminal-hackers-have-launched-a-turf-war-over-the-internet-of-shit

http://motherboard.vice.com/read/internet-of-things-malware-mirai-ddos

https://motherboard.vice.com/read/twitter-reddit-spotify-were-collateral-damage-in-major-internet-attack

Please rate this