Lightbulb Worm

From Embedded Lab Vienna for IoT & Security
Revision as of 16:36, 11 January 2022 by CRudlstorfer (talk | contribs)
Jump to navigation Jump to search

What is a Lightbulb Worm?

The Lightbulb Worm is a construct that results from the research and attacks done by Colin O'Flynn, Eyal Ronen, Adi Shamir, and Achi-Or Weingarten. They provide the ingredients of the first worm that affects smart lighting systems.

The worm has the power to spread only through physical proximity and would also be able to destroy lightbulbs permanently. It only takes one infected lightbulb to be installed, and the worm can spread - through its ZigBee wireless connectivity - directly to the physical neighbors of this lamp. These newly infected lamps would again infect all their neighbor lamps. That leads to a massive chain reaction that spreads in an epidemic fashion and attacks whole cities. [1] [2] [3]


Philips Hue and Zigbee Light Link

The research and experiments of constructing the lightbulb worm have been done by using Philips Hue smart lighting systems and exploiting the implementation of their inbuilt ZigBee Light Link Protocol and firmware update mechanisms.

The Philips Hue smart lamp system works as follows: The lightbulbs are connected to a bridge device which creates a network the lightbulbs can join. The bridge controls all the lamps and also contains an IP link. Via the Router, it is connected to the Internet through which you can control your system with the Philips Hue Lightning App. [1] [2] [3]

PhilipsHue.jpg Cite error: Closing </ref> missing for <ref> tag

[2]

[3] </references>

  1. 1.0 1.1 Cite error: Invalid <ref> tag; no text was provided for refs named blackhat
  2. 2.0 2.1 2.2 Eyal Ronen, Colin O'Flynn, Adi Shamir, and Achi Or Weingarten. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. In Proceedings – IEEE Symposium on Security and Privacy, 2017
  3. 3.0 3.1 3.2 Eyal Ronen, Adi Shamir, Achi Or Weingarten, and Colin O‘Flynn. IoT Goes Nuclear: Creating a Zigbee Chain Reaction. IEEE Security and Privacy, 2018