Hacking Your Fridge – Internet of Things Security

Outsmart Malicious Hackers


So one of the latest fads is IoT or the Internet of things phenomena which has been talked about for a while (especially since the discussion of IPv6 started), IoT is connecting physical items to the Internet and giving them some kind of IP (be in NAT or a proper IPv6 address).

This enabled you to control your lights (on/off & dimming) via your phone, or anything else that can be connected (turn on your kettle, check your fridge temperature, warm up your oven etc).

The possibilities are basically endless.

Internet of Things Security

The issues IoT brings is of course a whole new set of security concerns, if everything is Internet connected, it’s also prone to get hacked, spammed, DDoSed and generally fscked up.

Imagine if your house alarm is Internet savvy and someone DDoSed the control box, so you can’t get into your own house, unless you pay some kind of ransom. These things are going to happen.

Those convinced that the emerging Internet of Things (IoT) will become a hackers’ playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs.

Researchers at Context Information Security discovered that LED light bulbs from manufacturer LIFX – which are designed to be controlled from a smartphone – have security weaknesses. By gaining access to the master bulb, Context was able to control all connected lightbulbs and expose user network configurations.

Context worked with LIFX to develop a patch for the security bug before releasing a fix in the form of a firmware update. Simon Walker from LIFX stated: “Prior to the patch, no one other than Context had exposed this vulnerability, most likely due to the complexity of the equipment and reverse engineering required.”


Thankfully IoT is a fairly new thing so not many malicious hackers are looking into it, plus for now – there’s no real monetary value when it comes to hacking into a lightbulb. Rather annoying yes? Business critical? No.

That is of course, until the point where your Lightbulb is part of your corporate LAN and hacking the lightbulb gives you access to the internal network..then it becomes a whole different story.

Context’s find is part of its ongoing research into the security of the Internet of Things (IoT) – which includes parking meters, internet-enabled fridges and much more besides. Many of these components are being put together with little thought for basic security precautions, according to Context.

“It is clear that in the dash to get onto the IoT bandwagon, security is not being prioritised as highly as it should be in many connected devices,” said Michael Jordon, research director at Context. “We have also found vulnerabilities in other internet connected devices from home storage systems and printers to baby monitors and children’s toys.”

So yah, as IoT becomes more of a ‘thing’ and adoption goes up, Internet of Things Security is going to become a major issue and it could well become the next hackers playground.

Fortunately this case is more of a research/knowledge share than actually something exposing risk or a published zero-day exploit against an IoT device. I would imagine in the coming year or so we’ll see a lot more similar incidents.

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking

, ,


Latest Posts:


Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.
SNIFFlab - Create Your Own MITM Test Environment SNIFFlab – Create Your Own MITM Test Environment
SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.
Skype Log Viewer Download - View Logs on Windows Skype Log Viewer Download – View Logs on Windows
Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.
Ethereum Parity Bug Destroys Over $250 Million In Tokens Ethereum Parity Bug Destroys Over $250 Million In Tokens
If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically binned $280 Million + ETH.
WPSeku - Black-Box Remote WordPress Security Scanner WPSeku – Black-Box Remote WordPress Security Scanner
WPSeku is a black box WordPress Security scanner that can be used to scan remote WordPress installations to find security issues and vulnerabilities.
Malaysia Telco Hack - Corporations Spill 46 Million Records Malaysia Telco Hack – Corporations Spill 46 Million Records
The Malaysia Telco Hack has been blowing up in the news with over 42 Million Records being leaked including IMEI numbers, SIM details and home addresses.


Comments are closed.