Author: Katrina Rosseland
About myself: As a 15 year old girl, I attended the first Hacker Highschool class in Norway and was hired to fulfill the role of a project assistant at DIGFO. Currently 16, I am glad I can contribute to the surprisingly low but slowly rising percentage of women in cyber security today.
Smart bulbs and the dangers of the IoT
The Internet of Things or IoT has seemingly exploded in the past several years with the introduction of Google Home, Amazon’s Alexa, and numerous other staples of today’s modern home. Among the several devices considered part of the IoT are «smart bulbs».
These bulbs connect to WiFi and can be controlled remotely, giving people a fun, new, seemingly harmless gadget to add to their homes. As with almost every device that is given the ability to connect to various points, it can pose some serious security issues.
There was an experiment in which someone broke a cheap «smart light» open to see what information they could get out of it and to everyone’s surprise, with little to no effort, they obtained the SSID and the encryption key of the WiFi network. Within the bulb, the data was stored in plaintext, conveniently readable to anyone. This issue was then fixed and now the data is encrypted, thus resolving the problem, but the security issues with the IoT are far from over.
Having a multitude of devices connected to each other and outside networks is asking for trouble, especially when these devices are so new and misunderstood to the average person. It is important to keep in mind that these devices have a substantial amount of information on us and our networks/devices especially if they are all linked together. Bruce Schneider in the book «Click Here to Kill Everybody» recommends to stop, think, then connect. Because it is not always necessary to connect everything. Do you really need to connect your toaster to the web and possibly make yourself vulnerable to attacks? By succumbing to the modern way of living easier with the use of the IoT, you are in less control of what your devices know and do with your data.