This is exactly the sort of Internet-of-Things attack that has me worried:
“IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten.
Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.
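The "critical mass" condition in the abstract can be seen in a small model, given here as an added example that is not code from the paper or from this post. It assumes devices scattered uniformly in a unit square that can reach any neighbour within a fixed radio range; the function name, the range of 0.05 and the device counts are constructed for illustration.

```python
import math
import random

def largest_cluster_fraction(n_devices, radio_range, area_side=1.0, seed=1):
    """Place n_devices uniformly at random in a square and return the fraction
    that sits in the largest cluster of devices reachable hop by hop."""
    rng = random.Random(seed)
    pts = [(rng.uniform(0, area_side), rng.uniform(0, area_side))
           for _ in range(n_devices)]

    # Bucket devices into cells of side radio_range so that only the
    # neighbouring cells have to be compared.
    cells = {}
    for i, (x, y) in enumerate(pts):
        cells.setdefault((int(x // radio_range), int(y // radio_range)), []).append(i)

    parent = list(range(n_devices))          # union-find forest

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]    # path halving
            i = parent[i]
        return i

    r2 = radio_range ** 2
    for (cx, cy), members in cells.items():
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in cells.get((cx + dx, cy + dy), ()):
                    for i in members:
                        if i < j:            # visit each pair once
                            (xi, yi), (xj, yj) = pts[i], pts[j]
                            if (xi - xj) ** 2 + (yi - yj) ** 2 <= r2:
                                parent[find(i)] = find(j)

    sizes = {}
    for i in range(n_devices):
        root = find(i)
        sizes[root] = sizes.get(root, 0) + 1
    return max(sizes.values()) / n_devices

if __name__ == "__main__":
    # Constructed inputs: unit square, radio range 0.05 of its side.
    for n in (50, 200, 400, 800, 1600, 3200):
        mean_neighbours = n * math.pi * 0.05 ** 2
        print(f"{n:5d} devices, ~{mean_neighbours:4.1f} neighbours each: "
              f"largest cluster = {largest_cluster_fraction(n, 0.05):.0%}")
```

Below the threshold density the largest cluster stays a small island; above it, almost every device belongs to one connected cluster, which is why deployment density is a risk factor in its own right.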
I’m now an owner of the Philips Hue lights after my mistake buying cheaper Hue lights from eBay (which turned out to be the American versions) and finally converting all the lighting pendulums to standard B22 bayonets from CFL BLT 4 Pins.
I bought the Zigbee bridge from eBay too and have been buying the bulbs one by one. But then I decided to buy a starter kit, as it was more cost effective and I could sell the spare Zigbee bridge if not needed. Everything was fine till I couldn’t control the new lights. After a look around the web, it became clear the bulbs were locked to the Zigbee bridge which they came with.
I won’t lie, I was peed! I took to Twitter to tell Philips what I felt…
I can not believe Philips @tweetHue lights starter sets are tied to the bridge! 🙁 Shocking!
— Ian Forrester (@cubicgarden) July 21, 2015
Locked Internet of Things devices deeply worry me! Philips say they do it for security reasons but frankly that’s balls.
— Meet hue (@tweethue) November 21, 2012
After the steam had stopped pouring out my head and I put the bulbs back in the box to send back tomorrow, I looked around and found people talking about an app called Lampstealer. It seemed to factory reset the bulbs so the old bridge could discover them like normal.
The problem… It ran on Windows and OSX only. Of course the hackers got us covered!
When you buy two Philips Hue light starter kits, you have the problem that the lights are already paired with the bridge in each starter pack. When you search you will find a lot of people whining about how unfair this is and people talking about the “Lampstealer” OSX app that Philips released to fix it. I tried using the lamp stealer app but it would never find my bridge. I could also not use QuickHue which supposedly supported the lamp stealer function because it was compiled for OSX 10.8 and I still run 10.7.x. And compiling it from source with Xcode didn’t work, likely due to missing libraries and other mistakes I made since I’m not too familiar with Xcode.
I found out that the solution was really really simple, and requires no OSX, Java or advanced rocket science. Place a bulb of the second starter kit into a socket within 30cm of the bridge from the first starter pack. Telnet to port 30000 of the bridge and type:
The light should blink a few times to acknowledge the hostile takeover.
I did it and now I’m sitting pretty with 7 Philips Hues all tied to the Zigbee bridge I bought from eBay. Everything is now working correctly and I’m looking forward to playing with the geofencing and IFTTT controls. I just need to sort out my lampshades now…
I have been watching the home automation market for a long while now and with all the security problems, have decided it’s time to get involved. Lights seem to be alright when it comes to security risk.
Belkin Wemo vs Philips Hue for a Ubuntu and Android owner? Which would be the best option?
— Ian Forrester (@cubicgarden) January 2, 2015
So what am I after?
- A range of LED bulbs and lights (bayonet and edison screw)
- Support for Android at the minimum, IFTTT, Web and Linux would be great.
- The ability to join my network either via Zigbee or something else.
After my brief Twitter chat with Sam and Tony, I now know Philips Hue Lux is out, Wemo also may be out due to the colour. LiFX looks interesting but the lack of a wireless bridge worries me with bigger install plans. Plus I think there is a benefit to a bridge to connect other Zigbee devices which are coming on to the market. Originally I was thinking about getting an Almond Plus router but then picked up the TP-Link Archer D7 over the holidays at a good price.
It looks like the Philips Hue Lux is the best option to get started. With those I can hook it up to my Sleep as Android app, recreating my very old Philips wake up light.
I can then add a light to my living room for use while chilling out and watching films on xbmc/kodi.