Researchers at Friedrich-Alexander University Erlangen-Nurnberg in Germany have discovered security problems in smart lighting systems developed by GE, IKEA, Phillips, and Osram.
The team caused connected lighting systems to flash for several hours with a single radio command sent from a distance of more than 100 meters. In addition, the researchers modified the bulbs using radio commands so the user was unable to control them, and in certain situations they were able to change the color or brightness of the light.
The team discovered the security vulnerability in ZigBee, a wireless standard used in more than 100 million products around the world.
The researchers showed the security features of touchlink commissioning are inadequate and leave the system vulnerable to attacks. The team recommends disabling touchlink commissioning in all future ZigBee products, and notes some manufacturers already have made an update available to customers that significantly reduces the risk of an attack.
From Friedrich-Alexander University Erlangen-Nurnberg (Germany)
View Full Article
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA