BIoT Canada
News

Smart bulbs could cause security gaps: UTSA study


November 20, 2019  


Print this page
smart bulbs

UTSA researchers review the security gaps on smart bulbs exposing consumers to hacks. Photo courtesy UTSA.

Researchers from the University of Texas at San Antonio (UTSA) recently conducted a study on the security holes that exist in popular smart light brands. According to researchers, hackers may target smart bulbs because of some of their features.

“Your smart bulb could come equipped with infrared capabilities, and most users don’t know that the invisible wave spectrum can be controlled. You can misuse those lights,” said Murtuza Jadliwala, professor and director of the Security, Privacy, Trust and Ethics in Computing Research Lab in UTSA’s Department of Computer Science. “Any data can be stolen: texts or images. Anything that is stored in a computer.”

According to the study, “Light Ears: Information Leakage via Smart Lights,” some smart bulbs are able to connect to a network without a smart hub, a centralized hardware or software device where IoT products communicate with each other. Smart hubs usually connect locally or to the cloud, and are useful for IoT devices that use the Zigbee or Z-Wave protocols or Bluetooth, rather than Wi-Fi.

If smart bulbs have infrared capabilities, hackers can send commands via the infrared invisible light emanating from the bulbs to either steal data or spoof other connected IoT devices on the network.  The owner may not know about the hack because the hack is being conducted within a Wi-Fi network, without using the internet.

Jadliwala recommends purchasing a smart bulb that comes with its own smart hub, rather than a bulb that connects directly to other devices. He also recommends that manufacturers use more security precautions to limit the level of access these bulbs have to other smart home appliances or electronics.

The study was co-authored by Anindya Maiti and published in the journal Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies.