Leaking data with smart bulbs

Share this…

A team of researchers has developed a couple of apps that take advantage of the functionalities of smart bulbs for data leaking

Researchers from a cybersecurity and digital forensics firm developed two mobile applications that exploit the characteristics of smart bulbs for data exfiltration, as reported by experts from the International Institute of Cyber Security.

The experts used the Magic Blue smart bulbs, which feature the communication via Bluetooth 4.0. The devices are manufactured by a Chinese company, called Zengge and can be controlled by Android and iOS applications. The company has important clients, such as Philips, among others.

Digital forensics specialists focused their study on devices that use the Low-Energy Attribute Protocol (ATT) to establish communication.

The first test carried out by the experts consisted in detecting the communication between the smart bulbs and the pairing mobile app. The pairing method used by researchers is Just Works.

Digital forensics experts paired a mobile phone with an Android operating system with the iLight application and began detecting traffic while using the smart bulb’s color-changing feature.

In this way, the research team found the commands sent by the mobile application to the smart bulbs. The computer reverse-engineered the mobile application using a tool called JADX.

Once they got full control over the device, the specialists began to develop an app that takes advantage of the smart bulbs light to transfer information between the compromised device and the attacker.

In their proof-of-concept report, the specialists mentioned: “Our plan for data exfiltration was to use the light of these devices as a mean for transferring information from the compromised device to the attacker’s location. Light reaches wider distances, which was our main goal.”

“Let’s imagine the next scenario: a BLE smartphone gets compromised with some malware variant to steal the user’s credentials. Stolen information could be sent to an attacker using a BLE smart bulb in a nearby location.” In their attack, the experts used a smartphone connected to a telescope to receive the leaked data without raising the user’s suspicion.

It was necessary to create two apps for data leaking, one was installed on the victim’s smartphone, and the other on the attacker’s mobile device to receive and interpret the leaked data.

“We created two applications, the first to send the leaked data and the second one to receive them. The application that transmits the information changes the intensity of the blue light on the smart bulb. The app has two modalities: normal mode and silent mode. The first can be visible to the human eye, but the silent mode is very difficult to detect due to the variations of the shades of blue used,” the experts mentioned.

“These methods are functional in every smart bulb that allows an attacker to take control of them. In the future, we would like to create a better proof of concept that allows us to test a database of vulnerable smart bulbs, we have also considered the implementation of artificial intelligence to learn about other classes of smart bulbs,” the experts concluded.