
Hacking into Internet-Connected Light Bulbs - TomAnthony
http://www.contextis.co.uk/blog/hacking-internet-connected-light-bulbs/
======
Udo
That reminds me of a little accident I had with my home automation interface.

In an effort to make the UI accessible from the outside (for me), I forwarded
the Raspberry Pi's HTTP server port to the server where I host my normal web
stuff. Only I screwed up the proxy rule in the NginX config. All of a sudden,
lights and blinds went haywire all over the house.

Turns out whoever visited any of my domains at the time got the HA control
panel instead. And people clicked on the devices!
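
An added illustration of the failure mode described in the post above; it is not Udo's actual configuration, which the post does not show. It assumes one plausible shape of the mistake (the proxy rule living in the vhost that answers for every domain) and sets it beside a scoped, authenticated vhost plus a catch-all that refuses unmatched hostnames. All hostnames, the upstream address and the file paths are placeholders.

```nginx
# Constructed example for a file included inside the http {} context.
# Hostnames, the 192.0.2.10:8080 upstream and all file paths are placeholders,
# not values from the post. The vhosts for the other websites are omitted.

# BEFORE (kept commented out): the proxy rule sits in the vhost that serves
# every hosted domain, so any visitor to any of them reaches the control panel.
# server {
#     listen 80 default_server;
#     server_name example.org www.example.org blog.example.org;
#     location / {
#         proxy_pass http://192.0.2.10:8080;   # forwarded Raspberry Pi port
#     }
# }

# AFTER: the panel gets its own hostname, TLS and a password prompt.
server {
    listen 443 ssl;
    server_name ha.example.org;

    ssl_certificate     /etc/nginx/tls/ha.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/ha.example.org.key;

    auth_basic           "Home automation";
    auth_basic_user_file /etc/nginx/ha.htpasswd;

    location / {
        proxy_pass http://192.0.2.10:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Requests whose Host header (or TLS SNI) matches no configured server_name
# land here instead of falling through to whichever vhost is listed first.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # needs nginx 1.19.4 or later
    return 444;                # close the connection without a response
}
```

After `nginx -t` and a reload, requests for each of the other hosted domains and for an unknown Host header should never return the panel.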

~~~
wildpeaks
Add a webcam and turn it into an art installation :)

~~~
Udo
Surveillance cams are part of the setup ;) They're old, modified Android
phones, actually.

------
kevinbowman
I have the pleasure of having been involved with one of the first network
protocol reverse-engineers of the LIFX [0], and off the back of that hacked
together a NodeJS library and a Wireshark dissector. I've updated the NodeJS
lib to handle the new firmware (it does more over UDP, whereas it used to use
a mixture of UDP and TCP) but not the dissector yet.

There's absolutely no authentication on the network protocol at all; as long
as you're in the same network as the bulbs then you can send UDP packets and
control the bulbs. I imagine this is a good and a bad thing; XBoxes
automatically setting mood lighting when playing games etc... I'd rather they
had to ask my permission before doing that, though.

[0]
[https://github.com/magicmonkey/lifxjs/blob/master/Protocol.m...](https://github.com/magicmonkey/lifxjs/blob/master/Protocol.md)

~~~
RyJones
They're a member of the AllSeen Alliance, so in the future they will probably
support AllJoyn for control.

Disclaimer: I work on AllJoyn.

[https://git.allseenalliance.org/cgit/lighting/service_framew...](https://git.allseenalliance.org/cgit/lighting/service_framework.git/summary)
[https://allseenalliance.org](https://allseenalliance.org)

------
vfclists
What is the purpose of internet connected light bulbs? Is the internet of
things a way to spy on people who remove the batteries from their mobile
phones or what?

Is it just some excuse to con investors into buying stocks in some insanely
valued IPOs?

I don't mean to be negative and I understand the value of information in our
economic life, but how much info is required from the internet of things to
support our home life of eating, drinking, fornicating, watching TV and going
to bed at the end of day?

Who keeps all this info and what do they do with it?

~~~
icebraining
I'm pretty sure the intersection of people worried enough to remove the
batteries from their cellphones and willing to buy internet-connected
lightbulbs is indistinguishable from the null set.

As for their purpose, well, to the company it's to make money, to the buyers,
that's explained by this classic¹ strip of C&H:
[http://assets.amuniversal.com/6e921050df960131725e005056a954...](http://assets.amuniversal.com/6e921050df960131725e005056a9545d)

¹ yes, it's redundant, I know

------
userbinator
A _light bulb_ has more processing power than the PC I used in the early 90s.
What an interesting world we live in.

~~~
pling
Just remember that back then your computer was unreliable and your light bulb
was reliable.

Now your light bulb is unreliable as well as your computer :)

~~~
a3n
The light bulb halting problem, pre-IoT: Will it turn off? Yes.

The light bulb halting problem, now: Will it turn off? Impossible to say.

~~~
sp332
"Lightbulb, compute to the last digit the value of pi!"

------
__david__
> Due to the technical challenges involved, specialist equipment required and
> general perception that it would be the hardest, we decided to begin our
> search for vulnerabilities in the intra-bulb 802.15.4 6LoWPAN wireless mesh
> network.

Sentences like that make me happy. I love the hacker spirit.

~~~
dmd
Wait, _intra-_ bulb? There's a wireless mesh network within different parts of
the bulb, not just between the bulbs?

~~~
Ecio78
I suppose it's a typo or a mistake between _intra_ and _inter_

------
easy_rider
I just bought 3 Miilight bulbs, and obviously after installing them I was
like, man, my neighbours could probably control my lights... I also have an RF
remote which operates on 2,4ghz and does not require network authentication.
The Wifi bridge does require authentication however. I was thinking of
building an RF "cannon" with a directional antenna and see how far I can go. I
also got a DVB-T dongle. I should be able to "catch" the signal, right?

~~~
DanHulton
I can't seem to find anything on the Googles for that product.

Is it spelled correctly? Can you give me a link to it? I'm interested in home
automation, but all the ones I've looked into so far don't really do it for
me.

~~~
easy_rider
Thanks guys, typo indeed. [0]

Here is an article [1] describing a setup involving this type of RGB light and
the raspberry. It also covers some other type of RGB lights.

The wifi bridge has been sitting on my desk for a while now. Not bothered yet
since the remote is sufficient for now. So can not really comment on that.
Otherwise happy with one of the cheaper alternatives. No problems as of yet.
Waiting for my lights to get switched on and off though :D The remote doesn't
require line of sight as it's RF, and already has quite the range.

[0] [http://www.milight.com/](http://www.milight.com/)

[1] [http://iqjar.com/jar/home-automation-using-the-raspberry-pi-...](http://iqjar.com/jar/home-automation-using-the-raspberry-pi-to-control-the-lights-in-your-home-over-wi-fi/)

------
cryo
The LIFX guys should ASAP enable the lock bits on the microcontrollers.
Reading out the firmware from a product is a no-go.

The TI CC2538 should be safe against attacks in which the flash could be
obtained even after a chip erase like in older modules [1].

[1] TI CC2430 Attack [http://www.blackhat.com/presentations/bh-usa-09/GOODSPEED/BH...](http://www.blackhat.com/presentations/bh-usa-09/GOODSPEED/BHUSA09-Goodspeed-ZigbeeChips-PAPER.pdf)

~~~
e12e
They're distributing the firmware on-line (for updates) -- why prevent reading
the firmware from the chip itself?

~~~
mschuster91
Distribute encrypted firmwares instead so that hackers have to first extract
the (in this case globally distributed) private key.

~~~
TeMPOraL
Ruining the fun for everyone of us :(.

Seriously, I dislike this trend of making everything a closed and encrypted
black box accessible only through official channels (that will disappear in 3
years anyway) for reasons mostly related to money-making and not really
security. I think this will, if continued, slow down the rate of
technological progress and development of new ideas.

To quote pg,

" _It is by poking about inside current technology that hackers get ideas for
the next generation. No thanks, intellectual homeowners may say, we don't
need any outside help. But they're wrong. The next generation of computer
technology has often—perhaps more often than not—been developed by
outsiders._"

[http://paulgraham.com/gba.html](http://paulgraham.com/gba.html)

~~~
cryo
The hacker in me totally agrees with that point of view. It would be awesome
to have a chance to decompile firmware and analyse and hack the communication
protocols.

But when security is important (which is true for almost all wireless stuff),
things are quite different. It's pretty hard to build embedded devices which
provide basic means of security without having a poor user experience.

~~~
e12e
If the security of the system relies on the system being secret, as opposed to
the keys being secret, the system isn't secure... As has been shown again and
again, you can't give someone the code (obfuscated, compiled, encrypted along
with the decryption key) and also not give them the code.

So you'll slow down reversing, and probably deter most hobbyists -- but not
anyone with anything tangible to gain from breaking your system. Personally I
think "obviously insecure" is better than "might be somewhat safe".

------
tokenizerrr
At the end a new secure on-boarding mechanism is mentioned. How does this now
work?

~~~
Timmmmbob
Presumably you have to use a smart phone to connect to each bulb when you
install it and send it a non-fixed key.

------
spb
But who would want to hack a lightbulb?
[http://www.gunpointgame.com/](http://www.gunpointgame.com/)

------
e12e
Great stuff. And yet, all I can think of is:

CRASH AND BURN

