Security and Usability Should Coexist in IoT-Connected Lighting

The Internet of Things enables interoperability among many different kinds of devices. However, one often overlooked issue in the installation of Internet-connected devices, including lighting, is the security of such systems. The multi-protocol compatibility that allows interoperability can open up such devices to the security issues of those multiple protocols. The cost of using such convenient lighting controls should not be the security of computer networks and clouds.

A somewhat recent New York Times article revealed that a luxury hotel in Austria that had key cards was hacked. Guests could not get into their rooms, and new key cards would not work. The hackers demanded $2000 to give the hotel back control of the keycard system. The owner of the hotel, which has rooms averaging about $530 per night, decided to pay the ransom and has gone back to using old-fashioned keys and locks to eliminate the possibility of hacking.

Ransomware Has Become the Modern Form of Piracy

Hackers asking for ransom has become a modern version of piracy. Unfortunately, this is not an isolated incident. In a much more malicious and potentially dangerous incident, a hospital in Los Angeles was hacked, and the hackers took control of the medical records system. The hackers demanded $17,000 before they would allow the hospital employees to access the critical medical records. In a hospital setting, medical records can mean life or death for patients.

Experts warn that paying such ransoms just encourages and likely funds similar schemes. Many times hackers do not even have to have physical access to systems to gain control. For example, hackers in a nearby parking garage have taken control of systems.

Testing for Security Vulnerabilities Should be Done Regularly

A recent study by IBM Security and the Ponemon Institute found that 80% of respondents do not routinely test their IoT apps for security vulnerabilities. That makes it much easier for criminals to exploit IoT security vulnerabilities to steal, spy, or even cause physical harm.

While lighting in and of itself in an office or business is not a life-or-death issue like healthcare records, having lights go out can disrupt business and make customers want to leave. I could envision a somewhat less malicious hacker controlling the lighting and keeping it off until a ransom is paid to disrupt productivity. Such hacking could be costly for business, and it can be mostly preventable with security built into the lighting system.

Osram found that its Lightify bulbs had been hacked. Osram has since worked to correct the issue.

ZigBee lighting controls, a standard that was meant to be secure, were also found to have some security flaws that could be exploited. For this reason, as of at least two years ago, Philips Hue bulbs, which use the ZigBee protocol, could be hacked, according to experts. The experts showed that compromising a single bulb could infect nearby bulbs within minutes even if the bulbs were not part of the same. Philips has worked to correct the issue since then.

According to Tobias Zillner and Sebastian Strobl, security experts at Cognosec, what allowed them to overcome the security of ZigBee was the fact that no physical access was required, no knowledge of the secret key was necessary, and with ZigBee (at least according to them as of 2015) usability overrides security issues.

These two security experts warned that many connected lighting systems use security that is equivalent to passing plain text passwords. This is unacceptable. The industry should learn that ideally, IoT-connected lighting products should not have to compromise on security to obtain their usability.
