The new warning about the vulnerabilities of smart home devices comes from the University of Erlangen-Nuremberg. The researchers have unveiled security concerns with smart lights manufactured by companies like GE, IKEA, Philips and Osram.
The smart home represents a key area in which technologists and businesses are developing new products, with a notable rise in consumer interest over the past year. The basis is connectivity: controlling parts of the home, such as multi-colored lights, through mobile technology.
To demonstrate the security weaknesses of home lighting, academics Philipp Morgner and Zinaida Benenson connected to the smart lighting systems of different manufacturers. In each case they made the home lights flash for several hours via a single radio command. The radio signal was sent from around 100 meters away.
In a further trial, the researchers were able to modify the bulbs via radio commands which led to the home owners being unable to control the lights. With some manufacturers it was also possible to change the color and brightness of the lights.
In each case smart lights from leading suppliers were shown to possess inadequate security features. This comes down to ZigBee, a common wireless standard used to control a range of smart home products. In the past two years some 100 million products containing ZigBee technology have been distributed worldwide.
The vulnerability exists in the latest version – ZigBee 3.0 – which was issued in December 2016. The new version has a touchlink commissioning procedure which enables the user to add new devices to an existing smart home network. Touchlink commissioning was shown to be an easy route in for would-be hackers. This implies that other aspects of the smart home, in addition to lighting systems, are also inadequate and similarly vulnerable to attack. Thus security vulnerabilities could extend to heating systems, door locks and security alarm systems.
The industry has responded to the concerns, and new security features are being installed by several manufacturers. A website has been set up by the university to detail the progress being made to address security concerns with smart home devices.
Nevertheless, the research demonstrates how companies manufacturing devices for the home Internet of Things need to carefully embed security protection, and that security should be seen as being of equal importance to functionality and compatibility requirements.
