
Novel Attack Technique Uses Smart Light Bulbs to Steal Data - yaseen-rob
https://www.bleepingcomputer.com/news/security/novel-attack-technique-uses-smart-light-bulbs-to-steal-data/
======
wlesieutre
If one of the "novel attacks" is against this:

>while in the case of video visualizations, the modifications reflect the
dominant color and brightness level in the current video frame.

How does this leak anything that your TV screen doesn't leak already?

This just in! People outside your window can see what color your TV screen is
glowing! People at particular angles can retrieve a 4K visual representation
of the media you're viewing!

~~~
userbinator
Also this:

 _Moreover, the adversary needs to plant malware that encodes private data
from the target device and sends it to the smart light bulbs._

...if you can already install/run code of your choice, why not just send the
data out over the network and into the Internet?

~~~
jessaustin
Maybe there is a firewall? Lots of people put smart bulbs on their own subnet
that is cut off from the internet.

~~~
lucb1e
Honestly, that doesn't strike me as something lots of people know how to do,
nor take the effort to.

------
mey
Reminds me of TEMPEST
[https://en.m.wikipedia.org/wiki/Tempest_%28codename%29](https://en.m.wikipedia.org/wiki/Tempest_%28codename%29)

and System bus radio [https://fulldecent.github.io/system-bus-radio/](https://fulldecent.github.io/system-bus-radio/)

------
lxe
> Light bulbs need to support infrared lighting and should not require
> authorization for controlling them over the local network. Moreover, the
> adversary needs to plant malware that encodes private data from the target
> device and sends it to the smart light bulbs.

If you've already exploited the target device, why not just send private data
to the attacker's servers instead? This has to be one of the most convoluted
attack vectors.

~~~
sowbug
To exfiltrate data from a network not connected to the internet. Drop USB
drive in parking lot to get malware inside the network. Use a signaling
mechanism like this one to get data out.

~~~
dwighttk
Heck, drop a smart bulb in the parking lot...

~~~
zaarn
This might sound too obvious to work but I know a non-zero number of people
who picked up lightbulbs and plugged them in at home.

~~~
DonHopkins
I know a non-zero number of people who picked up telecommunications panels,
terminals, monitors, trunk test equipment, access codes and other items and
plugged them in at home.

[https://en.wikipedia.org/wiki/Kevin_Poulsen](https://en.wikipedia.org/wiki/Kevin_Poulsen)

[https://archive.org/stream/JustinTannerPeterson/1346919-0_-_...](https://archive.org/stream/JustinTannerPeterson/1346919-0_-_127588_-_Section_4_Serial__1_djvu.txt)

>A couple of hours later, Neal accompanied Poulsen to his condominium down the
street from SRI. Against one wall stood a six-foot-long phone monitoring
station. Strewn on the floor or stuffed in the closet were line-testing
equipment, trunk test sets, telecommunication panels, terminals, monitors,
cables and a switching device. At the same time that he had an SRI security
clearance, Poulsen had been pulling nighttime burglaries on Pacific Bell
facilities, stealing manuals, passwords, anything that might provide access,
the San Jose indictment charged. The handful of books and papers ranged from
"How to Buy Stocks" to a copy of "Watchmen," a violent comic book series, to a
bright yellow report binder that might have been scribbled by an eighth-grader
but for its title. "Burglar Alarm Procedures."

>A police photograph taken at the scene showed Poulsen leaning against the
door, a sour look on his long face. "I had him sign a copy of what we were
taking away," says Neal. "I think he finally realized there wasn't going to be
an easy way out."

------
godelmachine
I am afraid this is already passé.

Cf. - [https://blog.acolyer.org/2017/06/22/iot-goes-nuclear-creatin...](https://blog.acolyer.org/2017/06/22/iot-goes-nuclear-creating-a-zigbee-chain-reaction/)

Please also read research work by Shyam Gollakota of University of Washington.

------
goldfeld
Alternatively: One more novel way to work stupid smart consumer habits into a
profit.

------
bayesian_horse
How many engineers do you need to change a smart light bulb?

Seriously, I don't know...

~~~
aloisdg
How many software engineers do you need to change a smart light bulb?

None. It is a hardware problem.

------
tjpnz
Your site is serving malware.

------
bayesian_horse
Ever heard of a laser microphone?

