December 5, 2016
Imagine a living room that switches off the lights when everybody’s gone to bed. A clothes iron that, if left on in an empty house, sends a message to your phone. Or a percolator that puts coffee on the boil in the kitchen the moment your feet hit the bedroom floor. Such ‘smart home’ scenarios have gone mainstream, as new dwellings are increasingly fitted with advanced materials and products designed to send and receive digital data. This frontier of device-based connectivity – referred to by researchers as the IoT, or the ‘Internet of Things’ – has the potential to make life safer and more convenient by anticipating human needs.
But according to new research, it’s the IoT’s unanticipated dangers that should be keeping us up at night. A study published by the Weizmann Institute of Science’s Professor Adi Shamir, a world-renowned expert in encryption, demonstrated how a flaw in wireless technology makes it easy to use rogue radio signals to hack into household devices—and to infect them with malicious code capable of spreading like wildfire through IoT networks.
Co-authored by Eyal Ronen, a PhD student in Professor Shamir’s lab, additional contributors to the study were Weizmann MSc student Achi-Or Weingarten, and Colin O’Flynn, a doctoral candidate from Dalhousie University in Halifax, Canada.
According to Professor Shamir and his team, the Internet of Things is becoming an ever-more attractive target for cyber-attack, because low-security IoT devices open a ‘back door’ to the data networks upon which our society depends. Networked household devices can be hijacked, giving cyber-criminals a potential and relatively simple strategy for accessing and stealing information from computerized systems, or even bringing a city to a standstill by shutting down the electrical grid.
The study has captured headlines around the world, including in The New York Times, both because of its dramatic implications, and because study co-author Professor Shamir, a member of the Weizmann Institute’s Department of Computer Science and Applied Mathematics, is a Turing Award laureate whose cryptography research underlies the robust cyber-security protocols that protect almost all Internet-based commercial transactions. While Professor Shamir’s methods have made online sharing significantly safer–he is co-inventor of the RSA public-key cryptography algorithm for encoding and decoding messages, among other important digital security advances–recent events prove that the Internet of Things presents an entirely new set of challenges. For example, a recent cyber-attack that temporarily disabled both the Twitter and Amazon websites was launched by hackers who took advantage of the weak security standards of typical IoT devices.
Small vulnerabilities, big problems
The researchers set out to illustrate how small vulnerabilities in IoT protocols can lead to major problems. They achieved proof-of-concept through a set of experiments in which they successfully infected ‘smart’ light bulbs– bulbs with the built-in capability to send and receive data–with a malicious computer worm.
“We discovered that, in a specific implementation of Zigbee Light Link — an IoT protocol used for networked lighting fixtures — there is a problem in the code that makes it possible to infect light bulbs with malicious software,” Ronen explained, adding that the researchers informed bulb manufacturers, and delayed publication of their findings until the vulnerability was fixed.
“Using simple equipment costing just a few hundred dollars, we were able to perform an over-the-air hack of smart lightbulbs’ controlling software, and hijack entire smart lamp networks,” he said.
The researchers also proved that this malicious takeover could be accomplished from a distance, something they demonstrated with a stealth strategy that appeared to be straight out of the movie Mission Impossible.
In a scenario the team calls ‘war-driving’ the researchers drove by a Weizmann Institute building at night, and, from a distance of 70 meters, caused lamps to blink on and off. In a second scenario, called ‘war-flying’, the team used an airborne drone to hijack an IoT network inside a Beer Sheva office building—ironically, one that is home to some of Israel’s best-known cyber security companies. In this case, a hovering radio transmitter successfully took over lamps from a starting distance of 350 meters, a graphic demonstration of how vulnerable such devices are to outside hackers.
The research performed by Professor Shamir’s team reveals, on a small scale, the potentially catastrophic vulnerability of IoT networks. With billions of IoT devices expected to be installed within the next few years—particularly in densely populated cities—a worm uploaded to a single bulb has the potential to spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. By taking control of such networks, cyber criminals could turn all the city lights on or off, permanently disable them, or exploit them in a massive denial-of-service attack against WiFi communication. From crashing specific websites to compromising communication systems to disabling networks that are vital to national security, the implications are enormous.
According to Ronen, the study reveals a systemic flaw in the way new cyber-security protocols are produced and disseminated.
“ZigBee was designed by an alliance of international corporations, and standardized as part of a closed process that does not solicit input from outside security experts,” he said.
“In the future, security protocols should be developed in a more open environment so that professionals can weigh in, and fix vulnerabilities before they find their way into consumer products.”
Professor Adi Shamir is funded by the Microsoft Corporation. He is the incumbent of the Paul & Marlene Borman Professorial Chair of Applied Mathematics.