Drone took control of lighting system of a building.
A team of researchers demonstrated the hacking abilities of a new drone that can infect Hue lamps of a building with worms that take control of the lighting system.
In most smart cities, the Internet of Things is interconnected so densely that if one system is compromised rest of the devices will automatically become susceptible to hacks. In the worst case, if a perverted hacker thinks out of the box and decides to take down the whole city, which theoretically is possible, that could open a pandora box of eventualities.
A few weeks back a massive DDoS attack using IoT-botnet was reported by The New York Times and they titled it “IoT Goes Nuclear.”
For instance, like shown in the demonstration, if a hacker decides to take control of a newly purchased Hue System that is controlled using an app it is hard to stop them. Let’s say in the middle of the night one see a drone flying and suddenly all lights start misbehaving with the app that controls the lighting system stuck. Soon the lights go off and the whole building is in pitch dark.
According to the researchers, the above scenario can be caused by a worm that sets off from a drone or a nearby car that sets off a chain reaction without physically accessing the lights.
In the video, one can see that as the drone nears the building the worm is sent and the lights signaling SOS repeatedly in Morse code. As the drone further nears the building, more lights become affected and the whole floor looks unstable.
The researchers from Weizmann Institute of Science and Dalhousie University said they executed the chain-reaction attack by exploiting a vulnerability in the ZigBee wireless communications protocol, a widely-used home automation protocol found at the core of millions of today’s most popular smart home devices.
ZigBee powered devices include the Philips Hue, Nest thermostat, and Logitech Harmony Ultimate home-control hub. The researchers deployed the worm by exploiting a weakness in Philips’ encryption to force an over-the-air firmware update using an “autonomous attack kit” built from “readily available equipment” costing just a few hundred dollars.
The researchers alerted Philips about the vulnerability in its system and the patch was issued last month. But the incident is a testimonial that for a trained hacker, it just takes a little time to take control of a whole building or even a city that is interconnected through a vulnerable network.