IOT failure - again
-
Hue Lights - wow.. just so easy to hack... sigh
-
@hubtechagain You got these bulbs?
-
The entire article is blurred out for me.
I assume it's something like just entering the IP address of the lights in a browser on the same network and you have control...
-
@DustinB3403 said in IOT failure - again:
The entire article is blurred out for me.
I assume it's something like just entering the IP address of the lights in a browser on the same network and you have control...
They don't want you to know the truth!
-
@mlnews said in IOT failure - again:
@DustinB3403 said in IOT failure - again:
The entire article is blurred out for me.
I assume it's something like just entering the IP address of the lights in a browser on the same network and you have control...
They don't want you to know the truth!
Because he can't handle the truth!
-
@scottalanmiller said in IOT failure - again:
@mlnews said in IOT failure - again:
@DustinB3403 said in IOT failure - again:
The entire article is blurred out for me.
I assume it's something like just entering the IP address of the lights in a browser on the same network and you have control...
They don't want you to know the truth!
Because he can't handle the truth!
Makes sense.
-
They detect ad blockers and make you turn them off for the page.
-
At least you don't have to subscribe.
-
What's amazing about this hack is that you can infect one light bulb over the ZigBee network. Not the Wi-Fi network.
Once infected that light bulb will not reach out to other light bulbs and infect them and so on and so forth until the entire area is infected.
The whole hack takes place over the ZigBee network, so you can't protect it with firewalls, etc.
-
@Dashrender said in IOT failure - again:
The whole hack takes place over the ZigBee network, so you can't protect it with firewalls, etc.
How does a firewall not continue to protect? I'm no ZB expert, but shouldn't that still work?
-
How are they getting into the ZB network in the first place?
-
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
-
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
With security, though. There are keys between them.
-
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
Right, ,Zigbee is it's own connection that's not WiFi connection. With the mesh network they talk to each other and whatever basestations are in place.
The attack starts by an attacker getting withing 400 meters of a bulb allows them to connect to it, and upload the virus, that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
If the devices are close enough, you could blanket a whole city by infecting one device, this isn't that likely because they aren't deployed large enough yet.. but you get the idea.
-
@scottalanmiller said in IOT failure - again:
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
With security, though. There are keys between them.
Apparently that is trivial to bypass.
-
@Dashrender said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
With security, though. There are keys between them.
Apparently that is trivial to bypass.
You can mixing concepts. All that we know is that the bulbs themselves are wide open. That tells us literally nothing about the security vulnerabilities of ZigBee. That the bulbs are not secured doesn't suggest that ZB is the issue, but the bulbs themselves. Why would the bulbs even be mentioned if this could infect any ZB device?
-
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting withing 400 meters of a bulb allows them to connect to it, and upload the virus, that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
-
@scottalanmiller said in IOT failure - again:
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting withing 400 meters of a bulb allows them to connect to it, and upload the virus, that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
Why don't you read it and tell me what you think it says period then again this might not be the correct article for that because I didn't get the information from this article instead I got it from security Now.
-
The blurry article?
I don't see anything that suggests anything other than a bulb is vulnerable because it's wide open. Nothing that suggests it gets past ZB security. Only that bulbs don't have any.
-
@scottalanmiller said in IOT failure - again:
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting withing 400 meters of a bulb allows them to connect to it, and upload the virus, that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
I don't know if the whole Zigbee protocol is broken, but definitely the implementation of the Hue Lights is poor and allows this take over, according to the researchers.
