A team of digital forensics specialists from the University of Texas released a report detailing a method used by threat actors to hack smart bulbs and extract information from the smart home environment where these devices are connected, including images and videos from security cameras and other devices, such as smartphones or laptops.
The attack is considerably serious, as the commands needed to execute it are entered using the WiFi networks of a smart home, so victims will find no signs of abnormal activity.
According to digital forensics experts, a smart bulb allows the user to modify the light intensity, change the color or set a turn off time using a mobile app or other devices with an Internet connection. Among the devices analyzed by the experts are Philips Hue, Ikea’s Trådfri, and Lifx’s smart bulbs.
Most smart bulbs feature infrared technology to fulfill some of their functions. According to this report, a hacker could abuse this feature to extract information from devices connected to the same network as the smart bulb, creating a “secret communication channel” between the targeted bulb and infrared signal detection equipment controlled by the hacker.
Experts add that extracting information requires remote installation of a malware variant on the victim’s smartphone or computer; thanks to this, the hacker will be able to access sensitive data that would be encoded and subsequently transmitted via the secret infrared channel mentioned above.
To make the situation a little worse, many of these devices do not request authorization of any kind to be controlled, so any such mobile application can communicate with any smart bulb, experts add.
International Institute of Cyber Security (IICS) digital forensics specialists claim that most users ignore that their smart bulbs feature infrared capabilities, as well as ignore the fact that any user with the sufficient knowledge can take control of this invisible spectrum. Virtually any file stored on the target user’s devices is exposed, so experts strongly ask manufacturer companies to establish better security measures for this kind of devices.