Why hackers might be drawn to your smart light bulbs

The technology that can turn on the lights in your home with a simple swipe on your smartphonemay seem really cool. Thing is, hackers could have their eye on the same thing.

New research by Dalhousie University PhD student ColinO'Flynn and colleagues in Israel has found smart bulbs could be susceptible to infiltration so much so that lights in a household, or even an apartment buildingoutfitted with the technology, could be taken over by hackers.

• Internet of things puts all at risk
• Attack knocks out Twitter, PayPal

The researchers have released a draft paper, which hasn't yet been published in a journal or peer-reviewed, that details a study of Philips Hue lamps, which use LED light bulbs operated through apps.

O'Flynn, who studies in the department of electrical and computer engineering at Dalhousie, said the study looked at two things: "Can youreprogramit? Can you make it do bad things?"

The answers were yes and yes, according to theresearch.

Lights out

The researchers drove around their campus, theWeizmann Institute of Science in Israel, and controlled lights along the route, making them blink SOS in Morse code. They also flew a drone,with an attached device, over officebuildings.

O'Flynn and his colleagues were able to make the bulbs talk to each other, which means it was possible to create a widespread viral infection.

Someone could program their light bulb to turn off their neighbour's, for instance. The range of avirus could be from 30to about 400 metres, O'Flynn said.

"What happens if it's a big city and these are really popular?" O'Flynn said on CBC's Information Morning. "Maybe somewhere like San Francisco that might have a whole apartment building where a lot of people have these bulbs. Could you turn off a whole building? Could you do other stuff with them?"

No virus, company says

In a statement, Philips said its bulbs have not been infected by any virus and that it moved to patch a potential vulnerability when notified of it by the researchers last summer.

"The academics with whom we co-operated via our responsible disclosure process merely demonstrated the possibility of an attack," the statement said.

"They did not create a virus nor disclose information necessary for someone else to do so. Their research findings helped us to develop and roll out the software update."

The company recommends customers install the update using the Philips Hue app.

The internet of things

There are many devices, from thermostats to security cameras, that are now part of "the internet of things," which means they connect to the weband can be accessed through a smartphone.

One little device can be used to get into another, O'Flynn said.

Recently, hackers crippled Dyn Inc., a major U.S. internet firm, which disrupted the availability of popular websites including Twitter, Netflix and PayPal.

A group claiming to be responsible for the attack said it organized networks of connected devices to create a massive botnet that threw 1.2 trillion bits of data every second at Dyn's servers, overwhelming the targeted machines.

• Internet of things industry puts all at risk, experts say

Consumer pressure

Items like smartphones or even a fridge have the potential to be affected, O'Flynn said.

"Maybe from this smart bulb you could get into a wireless thermostat. From that you can get onto some other network," O'Flynn said.

He said there are solutions, but they cost companies money and time.

"It's really up to consumers to push the manufacturers," O'Flynn said. "The only reason they won't put good money into security is people don't ask for it."