The ability to find devices such as a light bulb and attack them has never been easier adversaries can use device identification tools (e.g. An adversary compromises a less protected target on a network and then uses that device or system as a pivot point to perform reconnaissance, move laterally in the network, escalate privileges, and finally reach their objectives. A well-known cybersecurity attack principle is lateral movement. ![]() That said, the likelihood of other malicious attacks, the ability to gain access to your network and to the other devices in your home make the light bulb a perfect first step in an attack. It’s unlikely that anyone - other than a prankster or the neighbor whose house you insist on parking in front of - wants to turn your light off and on. by advising the front door to unlock or turning the oven on). ![]() Once compromised, the attacker can cautiously watch the network, potentially interact with other devices on the same network (including cameras and sensors), spoof other devices, and even perform some physical actions that could compromise the safety of the inhabitants of the home (e.g. The combination of the above aspects of the smart bulb, combined with either the extremely unlikely chance of discovery or the potentially less likely chance that the firmware or operating system will be updated by the user, make this an excellent first attack point for a network. Most importantly, when we onboard the light bulb into a network that allows us to control the bulb, we provision that device with networking credentials. Additionally, the bulb also includes drivers for the filament, LEDs, coloration, and dimming aspects of the bulb. The light bulb also has storage for maintaining state, auditing, and communication, memory to run the operating system and the network stack. To do this work, the bulb also has a processor since custom hardware is expensive, that processor can likely perform many functions (so that it can be included in other IoT devices) if not address them all generally. The likely target was never the light bulb, this is just a means to an end and part of a larger attack vector.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |