
SecurityWeek


Researchers Use Smart Bulb for Data Exfiltration

Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration.


For their experiment, the researchers used the Magic Blue smart bulbs, which work with both Android and iOS, and which rely on Bluetooth 4.0 for communication. The devices are made by a Chinese company called Zengge, which claims to be a supplier for brands such as Philips and Osram.

The bulbs are marketed as supporting Bluetooth Low Energy (Bluetooth LE or Bluetooth Smart) and the researchers focused on those using the Low Energy Attribute Protocol (ATT). Some of the bulbs are only Bluetooth Smart Ready, the researchers said.

The bulbs use Just Works as the pairing method, which allowed Checkmarx to sniff the communication with the mobile application used for control. The Android application, the company discovered, also works with other bulbs that have the same characteristics.

The researchers paired the mobile phone running the iLight app with the smart bulb and started controlling the device, while also attempting to capture the traffic. After discovering commands in the analyzed traffic, they also downloaded the application to a PC and analyzed it to see whether the discovered commands were indeed present in the app.

At this point, the researchers concluded that they had all the tools necessary to attempt data exfiltration by modifying the smart bulb’s color and warm levels. The idea was to use light to transfer information from a compromised device to the attacker.

“Light can achieve longer distances, which was our goal. Imagine the following attack scenario: a BLE device (smartphone) gets compromised with malware. The malware steals the user’s credentials. The stolen information is sent to an attacker using a BLE light bulb nearby,” Checkmarx notes.

To receive the exfiltrated data, an attacker would only need a smartphone connected to a telescope for wider range, and the victim would never notice that any type of exfiltration actually took place.


For their experiment, the researchers created two applications. One would be installed on the victim’s device for data exfiltration purposes, while the second would run on the attacker’s smartphone, capable of receiving the data.

The exfiltration app was designed to change the blue light intensity to send data: weaker intensity for binary 1 and stronger for binary 0. The receiver only needs a smartphone camera to detect and process the data.

The exfiltration application can run in either Normal or Stealth mode. The Normal mode, possibly visible to the human eye, allows the attacker to reach longer distances for data transmission. The Stealth mode, more difficult for the human eye to observe due to the shades of blue used, makes the air gap exfiltration very hard to detect, the researchers say.
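The two-level encoding described above leaves a pattern a defender can look for: many colour writes in quick succession that only ever use two blue values. The following Python is an added example, not code from Checkmarx or from the original article; it assumes a per-bulb log of (timestamp, blue value) writes is available (for instance from a BLE sniffer), and the thresholds, function names and sample data are constructed for illustration.

```python
def find_bursts(events, max_gap=0.5):
    """Group (timestamp_s, blue_level) writes into bursts separated by > max_gap seconds."""
    bursts, current = [], []
    for ts, level in sorted(events):
        if current and ts - current[-1][0] > max_gap:
            bursts.append(current)
            current = []
        current.append((ts, level))
    if current:
        bursts.append(current)
    return bursts


def flag_two_level_signalling(events, max_gap=0.5, min_events=16):
    """Flag bursts of rapid writes that use exactly two blue levels.

    A person using the app produces a few widely spaced changes, or a slider
    sweep through many levels; neither matches. Thresholds are assumptions.
    """
    findings = []
    for burst in find_bursts(events, max_gap):
        levels = sorted({level for _, level in burst})
        if len(burst) < min_events or len(levels) != 2:
            continue
        weak = levels[0]
        # Mapping from the article: weaker intensity = 1, stronger = 0.
        bits = "".join("1" if level == weak else "0" for _, level in burst)
        findings.append({
            "start": burst[0][0],
            "end": burst[-1][0],
            "events": len(burst),
            "levels": tuple(levels),
            "bits": bits,  # kept for incident triage
        })
    return findings


# Constructed sample log for one bulb: normal use, then a two-level burst.
USER_ACTIVITY = [(0.0, 255), (4.2, 180), (9.8, 90), (15.0, 255)]
SAMPLE_BITS = "0100100001101001"
BURST = [(20.0 + i * 0.1, 200 if b == "1" else 255)
         for i, b in enumerate(SAMPLE_BITS)]
# A slider sweep: rapid, but through many distinct levels.
SLIDER_SWEEP = [(60.0 + i * 0.1, 10 * i) for i in range(20)]
SAMPLE_LOG = USER_ACTIVITY + BURST + [(40.0, 120)] + SLIDER_SWEEP

if __name__ == "__main__":
    for finding in flag_two_level_signalling(SAMPLE_LOG):
        print(finding)
```

In Stealth mode the two levels would be close shades, so the check keys on the count of distinct values and the write rate rather than on how far apart the levels are.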

“These methods will work on every smart bulb that allows control by an attacker. In the future, we would like to create a better proof of concept that allows us to test a database of vulnerable bulbs and even implement AI to learn and implement new bulbs along the way,” Checkmarx concludes.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
