This is exactly the sort of Internet-of-Things attack that has me worried:
“IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten.
Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.
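The abstract's "critical mass" condition can be illustrated with a small simulation, added here as an example and not taken from the paper or from this blog. It assumes lamps are scattered uniformly at random over a unit square and that two lamps can reach each other whenever they are within radio range; the function names, lamp count and neighbour counts are invented for the sketch.

```python
import math
import random

def largest_cluster_fraction(n, radio_range, seed=0):
    """Place n lamps uniformly in a 1x1 area; return the share of lamps in the
    largest group reachable hop by hop when each hop is <= radio_range."""
    rng = random.Random(seed)
    pts = [(rng.random(), rng.random()) for _ in range(n)]
    parent = list(range(n))  # union-find forest over lamps

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    r2 = radio_range ** 2
    for i in range(n):
        xi, yi = pts[i]
        for j in range(i + 1, n):
            xj, yj = pts[j]
            if (xi - xj) ** 2 + (yi - yj) ** 2 <= r2:
                parent[find(i)] = find(j)  # lamps i and j are in range: merge

    sizes = {}
    for i in range(n):
        root = find(i)
        sizes[root] = sizes.get(root, 0) + 1
    return max(sizes.values()) / n

def range_for_mean_neighbours(n, k):
    """Radio range giving each lamp k in-range neighbours on average (edges ignored)."""
    return math.sqrt(k / (math.pi * n))

def sweep(n=400, neighbour_counts=(1, 2, 4, 6, 8, 12), trials=5):
    """Average largest-cluster share for each mean neighbour count (constructed layouts)."""
    rows = []
    for k in neighbour_counts:
        r = range_for_mean_neighbours(n, k)
        avg = sum(largest_cluster_fraction(n, r, seed=t) for t in range(trials)) / trials
        rows.append((k, round(avg, 3)))
    return rows

if __name__ == "__main__":
    for k, share in sweep():
        print(f"mean neighbours {k:>2}: largest cluster holds {share:.0%} of lamps")
```

Below the threshold the largest connected group stays a small share of the lamps; above it nearly every lamp sits in one cluster, which is the regime where a single compromised device has a path to the rest.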
I’m now an owner of the Philips Hue lights after my mistake buying cheaper Hue lights from eBay (which turned out to be the American versions) and finally converting all the lighting pendulums to standard B22 bayonets from CFL BLT 4 Pins.
I bought the Zigbee bridge from eBay too and have been buying the bulbs one by one. But then I decided to buy a starter kit, as it was more cost effective and I could sell the spare Zigbee bridge if not needed. Everything was fine till I couldn’t control the new lights. After a look around the web, it became clear the bulbs were locked to the Zigbee bridge which they came with.
I won’t lie I was peed! I took to Twitter to tell Philips what I felt…
I can not believe Philips @tweetHue lights starter sets are tied to the bridge! 🙁 Shocking!
— Ian Forrester (@cubicgarden) July 21, 2015
Locked internet of things devices deeply worry me! Philips say they do it for security reasons but frankly that’s balls.
— Meet hue (@tweethue) November 21, 2012
After the steam had stopped pouring out my head and I put the bulbs back in the box to send back tomorrow, I looked around and found people talking about an app called Lampstealer. It seemed to factory reset the bulbs so the old bridge could discover it like normal.
The problem… It ran on Windows and OSX only. Of course the hackers got us covered!
When you buy two Philips Hue light starter kits, you have the problem that the lights are already paired with the bridge in each starter pack. When you search you will find a lot of people whining about how unfair this is and people talking about the “Lampstealer” OSX app that Philips released to fix it. I tried using the lamp stealer app but it would never find my bridge. I could also not use QuickHue which supposedly supported the lamp stealer function because it was compiled for OSX 10.8 and I still run 10.7.x. And compiling it from source with Xcode didn’t work, likely due to missing libraries and other mistakes I made since I’m not too familiar with Xcode.
I found out that the solution was really really simple, and requires no OSX, java or advanced rocket science. Place a bulb of the second starter kit into a socket within 30cm of the bridge from the first starterpack. Telnet to port 30000 of the bridge and type:
The light should blink a few times to acknowledge the hostile takeover.
I did it and now I’m sitting pretty with 7 Philips Hues all tied to the zigbee bridge I bought from eBay. Everything is now working correctly and I’m looking forward to playing with the geofencing and ifttt controls. I just need to sort out my lampshades now…
I bought into the Philips Hue system a while ago by buying the part I needed and then the lights afterwards. There are tons of people selling the wired Zigbee bridge for as low as 25 pounds (I paid 26 for mine) then you can get bulbs afterwards for much cheaper than the starter kit at 170 pounds.
So this is what I did…
However I hit a problem, the first Philips Hue Lux light came and I could see it on the app via the bridge but couldn’t control it. I tried a lot of things including upgrading the system and rebooting the bridge. But it just didn’t respond to anything I did. I thought well maybe it’s a dodgy bulb from eBay. However the next bulb came and I couldn’t even see it via the bridge.
I also ordered some via Amazon and they worked straight away, as expected! I looked into the differences and found some bad news…
Philips will void warranty if 110V bulbs are used with 220V power and vice versa. Closer look at the packaging shows there may be a problem.
So it looks like I have 2 American bulbs which I’ll have to put back on eBay at a loss (if it works at all?)
The good news is I have replaced my Philips Light/Wakeup clock with a Hue light which slowly turns on when Sleep as Android thinks it’s time to wake up. Apartment Therapy, you are wrong, using your phone as an alarm makes perfect sense, when used in the right way.
After my blog post asking about which smart lighting system works best for me… I chose the Philips Hue system but why?
- Philips made its simple REST API public! Yeh!
- Seen activity of people hacking around with the Philips hue lights.
- Replace my aging and dying Philips Light/wake-up clock.
It keeps waking me up at the wrong time of the night and missing the alarm time! I barely use it because of this. Looking forward to combining my sleep pattern with my wake up. May even help with my alertness?
- Have better control over my living room lighting.
I like warm lights at night and hate the way the lights are in my living room at the moment but don’t want to do the massive alterations to change it at the moment.
- I really want to experiment with XBMC and an Ambilight-style setup