I am a big fan of microprocessors being shoved into things; just ask my doctor. But the reality is, if you just stick a microprocessor and a radio into things willy-nilly without proper security, you open the door to both serious problems and utter stupidity. Take Phillips’ Hue lightbulbs; somebody just found a security flaw.
Yes, they found a security flaw in a lightbulb. And as goofy as it is, it betrays some pretty serious problems.
This takes a little explanation. The Hue bulb is controlled via computer or smartphone to perform various tricks, like slowly light up over a set period of time, configure your lights to show a specific shade, or be turned on and off remotely.
You can already see where this might go horribly wrong. And here’s security researcher Nitesh Dhanjani with how to completely mess with your neighbor:
Yes, you just saw a malicious website black out an entire room. Fortunately, as Dhanjani notes, this is mostly the realm of juvenile dickery instead of a serious security menace. But it does illustrate a serious problem.
Reports are increasingly coming in from security researchers about shoddy protections and even a total lack of protection on objects that are connected to wireless networks. Lightbulbs are one thing: How about a security flaw in a pacemaker? Or if you’ve got a smart home, being completely locked out of your house, or discovering somebody decided to flip off the heat during a cold winter’s night? Oh, and also, your router is a toxic mess of security flaws as well, so that might be the traitor that undoes you.
It’s a problem that nobody involved with this stuff seems interested in discussing, let alone solving. So, essentially, before you connect anything to your Internet of Things, you might want to see if it’s secured first.