Hacking Lightbulbs To Cause a Sustained Blackout

An anonymous reader writes "Researcher Nitesh Dhanjani just published an evaluation of the Philips Hue wireless lighting system that is available at Apple stores (and online). These lightbulbs come with a wireless bridge that you can control from your iPhone. Dhanjani has published a video demonstrating a vulnerability he found that can be exploited by malware to cause a sustained blackout. The video shows how the malware script can continuously turn the light bulbs off. Dhanjani also discusses other scenarios such as the systems' tie in with IFTTT (If This Then That) to cause a blackout by tagging a Facebook user on a completely black photo. Lots of interesting ideas on security vulnerabilities targeting future malware and smart devices. The paper can be downloaded here (PDF)."

Question

[djupedal]

Why do I feel like I'm standing in line at the supermarket reading the cover of some tabloid rag right now...

Re:Question

Why do I feel like I'm standing in line at the supermarket reading the cover of some tabloid rag right now...

Hard to say.

Perhaps it's because you didn't recognize the extremely important but implicit message that unless we (the engineers) pay more attention to what we're doing, then our products can be susceptible to widespread mayhem.

It's a pretty relevant topic as everything around us becomes more and more networked.

Re:Question

[NatasRevol]

You're drunk with a box of Tampons in hand, for the girl who's leaving you next week?

And a box of wine.

Re:Question

[Princeofcups]

Why do I feel like I'm standing in line at the supermarket reading the cover of some tabloid rag right now...

Maybe it's time add a third level of moderation to slashdot. Have at least 5 high karma readers edit all article posts before they go up.
- Spelling/grammar corrections
- Weasel word removal
- Check/supply links
- Accurate titles/summaries

God knows the current batch of mods aren't doing their job.

Re:Question

[larwe]

I have one mod point left and I read this reply and my finger doesn't know what to click ;)

Re:Question

Sounds like my Saturday mornings.

Re:Question

Perhaps it's because you didn't recognize the extremely important but implicit message that unless we (the engineers) pay more attention to what we're doing, then our products can be susceptible to widespread mayhem.

Mayhem is turning off the lights? Who are you? Professor Chaos?

Re: Question

It's like when my wife calls me and asks when to change the lightbulb in the bathroom. "First fill the bathtub with water..."

Re:Question

[Mr.+Flibble]

When have the mods ever "done their job?"

This is both the bane and the boon of Slashdot. Slashdot is not going downhill, it is the same as it ever was.

Re:Question

Posted by timothy

that's why

Re:Question

I believe that would be the forth level of moderation, as we already have three levels.

#1 - comment moderation
#2 - comment meta-moderation
#3 - article moderation (AKA: http://slashdot.org/recent )

For the record I did my part by moderating this submission down :P

Re:Question

[thunderclap]

It is if they are hackable. On Newsroom the HBO show, The Military liaison suggested the apocalypse would come when a hacker shuts down the grid, opens up the dams (causing widespread flooding and destruction) and alters pressures on pipelines causing them to explode. So while you think a hackable light isn't something important its one step away from your electricity being turned off by a hacker. That is mayhem.

wireless basic needs

[schneidafunk]

It seems to me a bit frivolous to be connecting lights, toilets, refrigerators and whatnot to wireless technology.

Re:wireless basic needs

[internerdj]

It doesn't have to be 802.11, but I can see some use in not having to go inside to turn on your outdoor lights.

Re:wireless basic needs

[ebno-10db]

I certainly agree as regards wireless information, but for lights, wireless power is another story (only wimps worry about receiving picowatts).

Re:wireless basic needs

[ebno-10db]

Having to go inside to turn on your outdoor lights, eh? Next thing you know, telephony will revert to two tin cans and a string.

Maybe I just suffer from a 20th century mentality, but I've never felt deprived having to actually open the door and go inside to turn on the outdoor lights. If I did, I would install a switch on the outside! (yes, waterproof obviously).

This whole wireless control thing has degenerated into silly gimmicks. Admittedly this doesn't seem like some great security threat to me. There's a bit of a difference between being able to turn off some of the lights of some of the people and being able to shut down power stations, but this is still a gimmick.

Re:wireless basic needs

[HexaByte]

Agreed! We want to do everything without getting off of our butts, then complain that we're too fat.

Re:wireless basic needs

[kheldan]

That's because it's not only frivolous, it's flat-out stupid.
Don't know about anyone else, but I don't need or want so-called "smart" appliances or lightbulbs. I don't want someone else deciding when I can dry my clothes, or run my air conditioner, or be able to make my lights go on and off, or maybe hack my refrigerator and ruin hundreds of dollars of food "for the lulz". If I can't maintain direct control over things in my living space, then they need to go.

Re:wireless basic needs

[taiwanjohn]

Admittedly this doesn't seem like some great security threat to me.

It will be more and more of a threat, especially as we inevitably move toward autonomous robots for housekeeping chores. How 'bout I hack into your "Rosie Robot" and tell her to pick up a kitchen knife and wipe out your family in their sleep? (Not to mention the widespread speculation about Michael Hastings's car getting hacked...) Clearly we've got a long way to go in this regard.

That got me thinking... would it be feasible to build a sort of "black box" recorder for your home? Have it scoop up all wired & wireless traffic and store it for a week or a month... keep the box hidden and hard to tamper with, only controllable by its own hardware interface. You could also have it monitor such traffic to look for attacks and send out alerts, and/or dump data to a list of destinations in case of certain failure/emergency modes.

Re:wireless basic needs

[Gilmoure]

Sorta like a log, on a backup system?

Re:wireless basic needs

[blackest_k]

dump data? don't we have twitter and facebook for that

Re:wireless basic needs

[taiwanjohn]

Yes, but more robust and secure, completely impervious to network attack, and only vulnerable by physical force. Also with AI at a similar level to "Rosie Robot's" to allow it to recognize certain failure modes... such as when the nanny-cam sees Rosie entering the baby's room with a butcher knife in hand.

Re:wireless basic needs

All of you are missing the point.

http://americablog.com/2013/08/if-the-irs-gets-nsa-data-who-doesnt-this-is-a-data-trafficking-story.html

http://www.cato.org/publications/commentary/do-nsas-phone-internet-monitoring-programs-make-sense

http://hotair.com/archives/2013/06/06/breaking-fbi-nsa-massively-collecting-data-from-9-internet-companies/comment-page-2/

http://www.iowasource.com/health/2012_02_wifi.html

http://sustainabledevelopment.un.org/content/documents/Agenda21.pdf

You all think ubiquitous wireless is for your convenience?

Re:wireless basic needs

You see it is for ease of abuse... err I mean use.

Re:wireless basic needs

[smooth+wombat]

This whole wireless control thing has degenerated into silly gimmicks

You're completely missing the point. This is about technology and how cool it is. It doesn't have to be useful or logical.

Considering the sad state of software, you should already know this.

Re:wireless basic needs

[yabos]

I can't wait till everyone's toilet starts tweeting every time they take a shit.

Re:wireless basic needs

[You're+All+Wrong]

It's one of the classic rules of security, just with a different twist - if you allow someone else to control your lightbulbs, they aren't your lightbulbs any more.

Re:wireless basic needs

[internerdj]

I've never been felt particularly deprived either. I have had times where I left home intending to be back home prior to dark and not left a light on or carried a flashlight to be stuck wandering from the street light to my dark porch to identify the proper keys to open the door. It hasn't inconvenienced me enough to actually get a connected bulb, but I might consider it when I have to replace it.

Re:wireless basic needs

[StuartHankins]

We're very close.

Re:wireless basic needs

They still work as regular light bulbs if you turn off the hub/controller. You can still use them with a regular light switch. The only sustained blackout this would cause is the the time would take to disconnect the bridge.

Obviously there are security concerns, but the only thing here that is "flat out stupid" is your alarmist overreaction.

Re:wireless basic needs

[plover]

It may seem frivolous, but there are lots of valid reasons. Most pertain to home automation in general, not just wireless systems, but most home automation systems today use wireless communication. Here are a few off the top of my head.

• Wiring costs. Today, you run an extra wire from light fixtures to wall switches, regardless of where the fixture is in relationship to the switch. That may route a heavy copper wire down a short wall into the floor, across the floor to a wall, up the wall to the ceiling, and across the ceiling to the fixture. That's three pounds of copper plus 30 minutes of electrician time that didn't need to be spent. A wireless switch needs either cheap batteries or low current to operate the fixture, without the extra copper.
• 
  Energy savings. A smart house (wired or wireless) allows a system to turn off lights and appliances when not in use. While occupancy sensors are not totally reliable today, they can turn lights off from rooms that are not occupied. An unoccupied house could shut off all manner of appliances when the last person leaves. And unlike a kid who has to be reminded to shut off the lights, the system understands the rules 24x7.
• 
  Smart grid. The Smart Grid is a system where utilities will charge more for peak electricity in order to reduce demand. Today, on a hot day in August when the demand for A/C is the greatest, the utilities have to fire up "peak generators" which can cost 20 times as much for fuel as coal, hydro, or nuclear power. Assuming you are a rational consumer, you probably want to shut off extra lights and not run the dishwasher when electricity is so expensive. The Smart Grid will send a signal to your meter, saying "from 4-8 PM, charge $3.00/kWh, from 8-12PM charge $0.20/kWh". It will broadcast the electric rate to your appliances. You might configure your dishwasher to say "delay running until electricity is cheaper than $0.30/kWh".
• 
  Flexible control. You might only need lighting above a specific task area, but have a track fixture with a dozen lamps. Or you might rearrange the furniture so that a certain task would benefit from different lighting, but the fixtures are recessed and can't be moved. Wireless control lets you change the lighting to something appropriate for the task or room. I synced my low voltage outdoor fence lights to my deck lights with a simple scene change, so I can now walk the dogs after dark without having to leave the fence lights on.
• 
  Safety. While I don't think much of the "safety" arguments, there are some points that are important to some people. You can turn on all lights in a panic situation. You can turn off all appliances in case of a fire. Household sensors can detect water leaks, and smart valves can shut off the water supply in response. I do get an alert on my phone if there is a water leak in my basement, so there is certainly value to me.
• 
  Security. A wireless door controller and camera can let you allow in authorized service people when you're not home, without your having to provide them with a key or a temporary code. You don't have to answer the door if the person ringing your bell isn't someone you know or expect.
• 
  Automation, especially for needs more complex than a simple timer. You can turn on exterior lights from dusk to 10 PM, instead of every night from 5PM to 10PM. We have grow lights that operate from six AM to sunset because the varying diurnal cycle is critical for proper plant growth and flowering. Other sensors can respond to water, temperature, and humidity, and operate irrigation systems on an as-needed basis.
• 
  Multiple sources of control. A traditional light can be controlled via a 3-way or 4-way circuit. An automated fixture can be controlled from as many wall switches as you want to hang, scene controllers, wall pads, remote controls, home theater systems, or even externally via cell phone or web.

Refrigerators are an example of several of these benefits. A smart refrigerator

Re:wireless basic needs

[PNutts]

This whole wireless control thing has degenerated into silly gimmicks

You're completely missing the point. This is about technology and how cool it is. It doesn't have to be useful or logical.

And bonus points if it is useful and logical. Instead of the fun and useful-to-me stuff I do with my Hue lights that nobody else cares about, I'll simply mention in a semi-technical forum that I use PowerShell and hook into Lync's APIs to turn a light outside the door of my home office on and red when I'm on the phone so my kids won't come knocking.

Re:wireless basic needs

[internerdj]

And how I schedule my lights is even remotely useful? With this my activation of a light is further removed from my real world use. If I were conspiring to watch your every move I would not try and sell you on a technology that generates so much unnecessary noise in your data.

Re:wireless basic needs

[thunderclap]

If I schedule them to off how long before you notice? NSA doesn't care about you until you try to disrupt the system. Then want all your tracking already available so they can discover it. Its like Person of Interest, only real.

Re:wireless basic needs

[thunderclap]

You are right. However you are in the minority. Do you own a house? I don't mean mortgage I mean actually hold the note on the building and land. If you do then, you should have no problems as long as you don't move. Otherwise, there will reach a point where you will be upgraded to this. This is why we are talking about it now. % yrs is too late.

Re:wireless basic needs

[thunderclap]

How many people are smart enough to recognize this? I will quote from 'Men in Black' A person is smart. People are dumb stupid panicky animals and you know it.

Re:wireless basic needs

[internerdj]

I assume here you mean turn them off for a tactical advantage. Even if you knew how many bulbs I owned, how would you know my installation well enough to actually gain the tactical advantage? This carries as much risk or more than just cutting the power.

Re:wireless basic needs

[Hentes]

Then put a PLC interface on them, wireless is badly suited for this.

Three-position switch?

[smittyoneeach]

On, controllable, off?

And the malware will be named:

Black Ops?

Less worried about blackouts

More worried about sustained 5 to 45Hz strobes giving everyone seizures.

Re:Less worried about blackouts

[K.+S.+Kyosuke]

Why seizures when you can re-program their brains?

Re:Less worried about blackouts

[thunderclap]

http://www.theverge.com/2013/5/25/4365726/daniel-dennett-explains-how-to-reprogram-your-brain
http://youtu.be/4Q_mY54hjM0

So.

A simple script doing the equivalent of a pecker toy on the wireless "off switch". And that's "hacking" and "a security vulnerability".

Guys, if this is "security research" then it's no wonder we're making no progress.

Re:So.

[Tridus]

I'd say we're making no progress because this is all that's required to break stuff. Again.

Companies are great at tacking needless wifi into things and not being able to protect them against the most basic of attack. But hey, it's not like you need your lights to work reliably, right?

I can't wait for the toilet that won't flush unless you pay the guy in Russia that infected it with malware. That's going to make all our lives better.

Re:So.

[tlhIngan]

Except that the lightbulbs don't use WiFi. They use zigbee, and are paired with a central hub through Ethernet. That central hub actually has a bunch of provisions including rate limiting (there's only so many commands you can send it). And each lightbulb is controlled individually so if you have your whole house wired with them, the attacker would hit the limit fairly quickly.

It's a problem because several have tried to sync the bulbs to music, or to be a cheap lighting system only to run into the rate limits. (The bulbs can only be paired with one hub, too).

That, and there's a failsafe in if you flip the switch off and then on again, the bulb goes into "full on" mode.

They're not quite wireless lightbulbs - they're really color-controllable lightbulbs - you can set them to emit a certain color rather than just white or a color temperature controlled white.

Re:So.

[thunderclap]

I believe the darknet anons are already working on it.

SUSTAINED BLACKOUT!!! OH NOES!!!!

[Score+Whore]

Turning off a single or set of light bulbs is not a "sustained blackout." Shutdown all electrical systems in a city (or at least a neighborhood) and maybe you can start talking blackout. But turning off a couple of light bulbs isn't even inconvenient. What kind of hyperbolic dipshittery headline writing is this?

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

Actually, the term blackout originally referred to everyone shutting off their lights during an air raid,

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[interkin3tic]

This is only the tip of the iceberg. You can cyber-computer-terrorist-hack a blindfold to PERMANENTLY MAKE EVERY LIGHT IN THE UNIVERSE BLACKOUT*!

(*For one person. Provided they don't remove the blindfold from their eyes.)

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[NatasRevol]

That's why the NSA stakes out every kids party where they're playing Pin The Tail On The Donkey.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[Ol+Olsoc]

Turning off a single or set of light bulbs is not a "sustained blackout." Shutdown all electrical systems in a city (or at least a neighborhood) and maybe you can start talking blackout. But turning off a couple of light bulbs isn't even inconvenient. What kind of hyperbolic dipshittery headline writing is this?

Walking down a stairwell and having the lights go out is hardly hyperbolic dipshittery. But rather than just look at a situation and declaring people asshats if they are concerned, have a little imagination. If we are connecting our lights to the internet, it just shows that whatever is connected to the internet will suffer the same problems as anything else connected to it.

Lights are only one thing. There are refrigerators, locks furnaces, toilets, all manner of things that someone thought we needed to control from wherever we are.

I'm looking forward to the "Norton Home Appliance Antivirus Suite".

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

Walking down a stairwell and having the lights go out is hardly hyperbolic dipshittery.

Here is an idea, don't install wirelessly controlled lightbulbs in stairwells. I know you can't even possibly begin to fathom how someone wouldn't want wirelessly controlled bulbs in every light socket in their house, but some of us have more sense than that.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[mlts]

A year or two ago, some company got mentioned on Slashdot which made electronically "lockable" bolts which fastened and unfastened via remote control, and were used for airline seats. They had an advantage since no tool paths for screwdrivers, wrenches, etc. were needed.

It might be a small object, but if those go into common use, and someone manages to hack a "unfasten all right now" command, it might not be a funny prank when chairs and other items come loose.

At the minimum, devices should use Bluetooth and use some sort of out of band pairing for setup (NFC, serial number/key, etc.)

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

Walking down a stairwell and having the lights go out is hardly hyperbolic dipshittery.

This has happened so often to me I lost count a long, long time ago. Shared stairwell with the lights on a timer not long enough to reach my floor will do that. Of course it wasn't a complete blackout: The light switches had little neon indicators in them. But they're only on floors, not mid-flight, where the lights would invariably go out. Eventually I learned to just trudge along come light or darness. So to me it is neither hyperbole nor much of a problem, really.

It wasn't a problem I could fix. Note that most computer users cannot fix their own computer either, and so they'll trudge along. Perhaps that's why the security industry relies on shouty headlines to try and garner some interest at all.

No wonder then that the "sustained blackout" is fairly sensationalist, but these days that merely warns the reader we're dealing with yet another "hatted hacker", aka "security researcher", someone making a good buck out of other people's misteaks, not someone who has an unbiased view or can bring bright new insights into, well, anything.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[FireFury03]

As far as I can tell this isn't even a security hole in the lighting itself - they used a java exploit to gain control of the mac that was already controlling the lights. I'd be more interested if you could do a drive-by attack on the lighting system itself.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[You're+All+Wrong]

> I'm looking forward to the "Norton Home Appliance Antivirus Suite".

I don't like the idea of getting home to an empty fridge and seeing "we have quarantined your cheese" in the logs.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[cdrudge]

Walking down a stairwell and having the lights go out is hardly hyperbolic dipshittery. But rather than just look at a situation and declaring people asshats if they are concerned, have a little imagination.

What did millions of people do when they were walking down a stairwell previously and the light bulb burned out? Or someone else flipped a switch. No one apparently knows as those people were never heard from again. Or they stopped. Realize they would have to figure out how to climb some stairs carefully until they got to a spot where they could correct the situation.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[plover]

Z-wave home automation devices use an out-of-band pairing step. You have to bring the controller and device to be controlled close together, then operate a manual switch on the controlled device to pair it to the controller. However, their security model appears to be almost entirely through patent-enforced obscurity, rather than any actual technical security. Z-wave door locks are supposed to be "encrypted", but nobody who knows is talking about how the protocols work, how the keys are stored and managed, or other details that would be good to know to evaluate their security.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[Ol+Olsoc]

What did millions of people do when they were walking down a stairwell previously and the light bulb burned out?

Given the nature of light bulbs, they tend to burn out on turning them on, or turning them off. It's the nature of the fiulament, which is an inductor, and there is a current spike when turning them on and off. In addition, the filaments resisatnce is lower when it is cold, making it more likely they will do it whan switched on. Point is, you don't have much of a point.

Or someone else flipped a switch. No one apparently knows as those people were never heard from again

Just feel like arguing tonight, eh?

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[thunderclap]

People though the same about virii in the 90s. You are right, one light bulb is an annoyance. How about a malware that shuts them all off at once. Apple isn't virus free. Its yellow journalism. That's what kind of hyperbolic dipshittery headline writing it is.

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[thunderclap]

There was a Dr. who episode of that. He fixed it. ;)

Re:SUSTAINED BLACKOUT!!! OH NOES!!!!

[thunderclap]

Yes they do. You would be surprised and horrified what is available on the darknet. Nothing is completely secure. No encryption exists that can't be broken. If someone wants to they will. The question is will their prank injure one person or kill thousands.

IFTTT/facebook tie-in is a bit alarmist?

[fatgraham]

Apologies in advance for the trolling but that section seems a bit unnecessary... it's basically saying "if something bad happens to the service you use, something bad can happen to you"?

The light device has little to do with the hypothetical compromise of a cloud service IMO. As well as the feature of changing hue from another image. "Blackout" is a little alarmist when it's just doing what it's told to do...

The hack/comprimised access itself is neat though.

Rightey-O

[Impy+the+Impiuos+Imp]

I guess I should maybe rethink my purchase of my Philips Wireless Beltbuckle.

who needs this?!

[Thud457]

"Which is precisely the sort of thing we need to know," insisted the girl. "Do people want fire that can be fitted nasally?"

Re:who needs this?!

[canadiannomad]

I prefer the ideas generated around fiscal policy.....

MANAGEMENT CONSULTANT:
Um listen, if we could, er, for a moment move on to the subject of fiscal policy -

FORD:
”Fiscal Policy”?!

MANAGEMENT CONSULTANT:
Yes.

FORD:
How can you have money if none of you actually produce anything? It doesn’t grow on trees you know!

MANAGEMENT CONSULTANT:
You know If you would allow me to continue!

CAPTAIN:
Yes let him to continue.

MANAGEMENT CONSULTANT:
Since we decided a few weeks ago to adopt leaves as legal tender, we have, of course all become immensely rich.

FORD:
No really? Really?

CROWD MEMBERS:
Yes, very good move

MANAGEMENT CONSULTANT:
But, we have also run into a small inflation problem on account of the high level of leaf availability. Which means that I gather the current going rate has something like three major deciduous forests buying one ship’s peanut. So, um, in order to obviate this problem and effectively revalue the leaf, we are about to embark on an extensive defoliation campaign, and um, burn down all the forests. I think that’s a sensible move don’t you?

MARKETING GIRL:
That makes economic sense.

[Murmurs of agreement from crowd]

*Evil Laugh*

[NonSequor]

Now that the mood lighting has been disabled I can proceed with my insidious plot.

why...

Why do light bulbs need IP addresses?

Re:why...

[NatasRevol]

To remotely turn them off. or on. or up. or down. or a different color/hue/warmth. or to synchronize them. or to remotely manage all of yours from one point.

Re:why...

[dugancent]

Still not seeing why we need Internet connected lightbulbs. Personally, I wouldn't install them if they were given to me for me.

Re:why...

[camperdave]

Gee! Without internet connected light bulbs, we'd have no need for the abundance of addresses that IPv6 gives us.

Re:why...

Yeah, you could do all this by building it into the fixtures. Putting it in the bulb is really really stupid.

Re:why...

[thunderclap]

to download light bulb porn, why else? Rule 34 people!

multiple reasons not to include wireless

[Covalent]

Security issues aside, wireless connectivity uses some small amount of power. To me this is energy wasting of the highest order. My lightbulbs constantly listening for the one time per month that maybe I want to turn them on from my phone? Yes please and a side of mountain top removal coal mining please!

Re:multiple reasons not to include wireless

[Ol+Olsoc]

Security issues aside, wireless connectivity uses some small amount of power. To me this is energy wasting of the highest order. My lightbulbs constantly listening for the one time per month that maybe I want to turn them on from my phone? Yes please and a side of mountain top removal coal mining please!

NO imagination dude!

Just imagine, you'll be able to be on top of Mount Everest, and flush your toilet! ZOMG! All your Friends on Facebook will be able to flush it too. Imagine the celebrity aspect too. Kim Kardashian can charge people a hundred bucks to flush her toilet. This is the best thing to happen since People Magazine!

Re:multiple reasons not to include wireless

[FireFury03]

Security issues aside, wireless connectivity uses some small amount of power. To me this is energy wasting of the highest order. My lightbulbs constantly listening for the one time per month that maybe I want to turn them on from my phone? Yes please and a side of mountain top removal coal mining please!

With a computer controllable lighting system you may well be able to save energy by exercising better (automated) control over the lights - for example, automatically tuning them to the most appropriate brightness based on the current environment rather than running them at full power all the time, tracking where people are in the house and automatically turning the lights off in unused rooms, etc. That said, with the power requirements of modern LED lights, this does seem like rather a small potential saving.

I have them too...

Well, i have a lot of these bulbs in my house. And since the protocol is open (zigbee protocol) anyone can script a "blackout". Or a disco. The only news in this article is that somehow the handshake token gets hijacked by the script. Well, anyone near the bridge can just create a new token, so there is no need to hijack one.

Hysteria Much?

[s122604]

The hack described in the article is interesting from a technical perspective, but the use of the term "blackout" is hysterical and misleading.

When I think of the term "blackout", I take that to mean no more 120/240 in any of my sockets.

Yes, appliance hacks are something that we all should think about as more and more of the ubiquitous appliances, like lights, HVAC, water and sewer, that truly make the modern world function come online, but cmon....

Re:Hysteria Much?

[jasax]

Imagine when a "blackout" will be done to Japanese-style automatic toilets...
"...Malware.... Here goes a jet of boiling water right into your ba*ls!..."
So, 1024-bit encryption (at least) to the hot water valve key has to be enforced! :-)

Re:Hysteria Much?

[slashmydots]

But how are you going to drive to Goodwill and buy a non-networked light bulb system aka a lamp for $1 if you can't find your keys cuz your house is dark because you're an Apple-tard? Didn't think of that, did you?

Re:Hysteria Much?

My keys are in my pocket, if I can't find them in the dark I've got bigger problems than non-functioning light bulbs.

Re:Hysteria Much?

[Plumpaquatsch]

Imagine when a "blackout" will be done to Japanese-style automatic toilets... "...Malware.... Here goes a jet of boiling water right into your ba*ls!..." So, 1024-bit encryption (at least) to the hot water valve key has to be enforced! :-)

Wouldn't that be "turns of the flushing noise it makes so nobody can hear you while you are on the toile - so everybody can hear you on the toilet"? That would lead to mass suicides.

Kind of like TVBeGone...

[mmcxii]

I need one of these for when my group has star parties. One that covers about 50 miles in all directions.

Fail

[TheSkepticalOptimist]

There is no reason for a light bulb to be connected to the internet, this proves it. If you are too stupid or lazy to be able to turn on/off your own lights using a mechanical switch you deserve getting the "blackout of shame".

Re:Fail

I can come up with thousands of things that "there is no reason for" but none of them will likely change the way you handle your life even though most of what you do probably can't be accounted for with base logic.

The mere fact that you're on Slashdot proves it.
Your posting on a topic that you have no invested interest in is another.
Reading my rambling opinion on your pointless post is yet another.
Any attempt to reply to this post will be yet another.

So on and so on....

Blah Blah Blah.

Why

Why would anyone want to connect stuff to the Internet that doesn't need it?

Appliances, lighting, heating/AC, etc. being hackable is a more massive security risk than losing data on your computer - if someone screws with your gas oven, for example, death is a possible outcome.

To me, power savings and the "hey, cool" factor isn't worth it. Some stuff should not be publicly accessible, and core infrastructure is what comes to mind first.

Mr Bean

Mr Bean did this with television sets:

http://youtu.be/RtNpuYJSwjM?t=6m42s

A dubious product

[pubwvj]

Aye, I was rather dubious of this product for this reason and others. Another fundamental problem is they're taking something simple and cheap and adding a great deal of complexity and cost to it which increases the price, reduces the market and lowers reliability. I don't need lightbulbs that can think for themselves, talk to each other or talk to me. Just turn on and off. That's enough.

Re:A dubious product

Aye, I was rather dubious of this product for this reason and others. Another fundamental problem is they're taking something simple and cheap and adding a great deal of complexity and cost to it which increases the price, reduces the market and lowers reliability. I don't need lightbulbs that can think for themselves, talk to each other or talk to me. Just turn on and off. That's enough.

Why put such expensive kit into a disposable? If I wanted to control my lights, I'd rather pay the tech-cost up front with a special socket that accepts cheap bulbs.

The biggest thing to fear...

Its sold at APPLE STORES!! Oh noes!! FUD FUD FUD!

Philips and Apple are finally ...

[PPH]

... catching up with Lucas Electric

Power Companies

[BetaDays]

Power companies are putting in smart meters that will allow them to turn off your power at their command for unpaid bills but the kicker is that they also will be allowed to turn off your air conditioner when they think it's best for them do to so. Forget if you have an old person living with you that can't take the heat outside. http://tucsoncitizen.com/wryheat/2013/02/18/tep-wants-to-control-your-air-conditioner-this-summer/

Re:Power Companies

[Svenia]

I understand completely in the instance of an unpaid bill, but it seems a bit excessive to turn off someone's AC purely for "cost savings" purposes. If the client opts into it (I.e. - "Why's my bill so high? Complain Complain. - "Well we have this cost savings program you could join..." /shuts-off-ac-remotely), but here in Florida I'd be damned pissed to find they remotely shut off my AC, when I've paid my bill in full, on time every month. It's my damned business if I want to keep my place 70 year round, shut up and take my money.

Re:Power Companies

It's not so much for cost savings but to manage the load on the power system so they don't cause a brownout or overload or something - which would inconvenience a lot more people rather than simply adjusting the temperature setting.

Re:Power Companies

I understand completely in the instance of an unpaid bill

Right, because fuck poor people who can't afford their heating bills, they deserve to freeze.

Re:Power Companies

[Svenia]

I'm not saying I agree with it morally, I'm saying I recognize this is how the world works currently. If I don't pay my electric bill, I'm not going to call and complain in a month when they shut off my electric. Had I wanted to keep it on, I would have paid it. Do you go put groceries in a cart and get mad when the store won't just let you keep them, because you're poor and starving?

If you were offering something constructive, AC, like perhaps they could do a program where people who feel they may overuse their electricity without thinking about it could have a program that would help them conserve so they didn't have this issue at the end of the month, I would understand. Maybe a "smart" system that would update them throughout the month so they could budget their use, etc etc. I don't see your suggestions, other than insinuating that I'm a horrible person because I expect people to pay their bills like responsible adults.

I've been poor, I currently am poor and I'm well aware sometimes you have to choose AC vs antibiotics vs food vs rent. I get it, I do but I don't understand is how someone can run up their bill, not pay it, and get mad when this happens. What precisely did you think would happen?

Re:Power Companies

[Svenia]

If the power company feels the load from the general populace is too extraneous on the system, then why not say just that? Hey look people, we're the only power company here, you're using too much, from now on you can only water your lawns from 5-6 on Tuesdays. (I use this water example since they do that with water here anyways during the dry spells, why not do it with say AC too?) The way the article is worded, and perhaps it's just that I'm reading it that way, sounds more as if it's about money than TEP not being able to handle the amount of energy consumers in the area are demanding.

Why phrase it as a "We'll save you so much money! Against your will! And next year this will become normal, and you won't see the savings, but we will. Go to another power company you say? Go right ahead, there's the door."

From the website - "Residents can see the amount of energy they use in near-real time. Energy saving tips, contests and goals are available on a personal web portal for each participant."

I'm totally ok with this part. I wish I had this. I don't want this to be directly tied into turning off my AC for me because I'm an idiot drone and can't make my own informed decisions.

Re:Power Companies

[plover]

That's certainly not how the Smart Grid has to work.

One way it could work is for you to establish the rate you're willing to pay. A Smart Meter can tell your household appliances "The price of electricity from 4-8PM will follow this schedule: first 2 kWh are $0.20 each. Next 1 kWh is $0.40. Additional kWh are $5.00 each." You can then tell your A/C to "run for no more than 40 minutes per hour whenever the price > $2.00 / kWh", or "run the A/C for no more than $1.00 each hour." Demand pricing would allow you to decide for yourself "I don't want to pay these prices for extra A/C" or "I'm rich and want 70 degrees this afternoon, dammit." Scheduled pricing would allow people on very tight budgets a way to choose between their needs and their wants: TV and a fan, or small window A/C, but maybe not both.

Today I don't have the choice of "spend money and stay cool" or not. Instead, I have a system very much like the one described in the article you quoted. And I'm OK with it.

I had my electric co-op install a peak load controller on my A/C a decade ago. When the electric company sends their signal, the load controller shuts off my A/C for 20 minutes out of each hour. At least 10,000 other co-op members are part of the program as well, and together we have deferred the purchase of a new electric generator by over 10 years - and kept our overall electric rates low as well. My other benefit is that all the electricity my controlled A/C uses is sold to me through a separate meter at their cost: $0.055 / kWh, instead of $0.115 / kWh. My house might go up to a slightly uncomfortable 80 degrees when it's 100 degrees outside, but it knocks at least a hundred dollars off my bill a year. And the program is voluntary; I could call them and have them remove the controller, but then my bill would go back up.

Why do we call buggy control software smart?

[kawabago]

Why do we consider multiple security vulnerabilities in control software a 'smart' device? More like a stupid device designed by a fool!

Repeat after me Wireless is insecure

[WOOFYGOOFY]

Everything wireless is less secure than its wired counterpart. Always prefer wired if given an option.

The only question to ask yourself is how bad is the potential downside?

Just think of the most basic aspects. Wireless by definition means *direct these signals through the air in all directions and receive signals from the air in all directions*

What could possibly go right?

Wireless communication between car components? No thanks!
Wireless lights everywhere? No thanks!

Craptacular

Apparently the android version of the software is awful. It's missing a ton of features available on iOS. They can't even bother to release adequate software on multiple platforms, let alone think about security.

The last three Philips products I've bought have all malfunctioned somehow. I've vowed never to buy their stuff again. I have to admit I was tempted this time. Glad I did not.

simple security rule

[slashmydots]

Has network connection = can be hacked. That's a law of physics. If you don't want your [insert device here] to get hacked, make sure it doesn't have any form of networking capabilities. If you're still on the fence, go watch Ghost in the Shell: Standalone Complex.

Re:simple security rule

[thunderclap]

I'll make it easier because it is so awesome. http://www.youtube.com/watch?v=JTc_ZJ1Hpks

That tagging a black photo in Facebook...

[aklinux]

...sound a little bit like what we used to do with fax machines, Fax someone a black piece of paper. As the leading edge of the paper comes out of the machine, scotch tape it to the trailing edge. Recipient's machine runs until it's out of paper or toner.

Everything old is new again...

199$ for 3 lamps and a bridge ?!

[freaker_TuC]

Quite expensive, knowing a (remote) LED light controller costs only about 25$ and a LED (color)strip costs about 30$ ..

This can be hacked -way cheaper- through a microcontroller like Arduindo ..

Re:199$ for 3 lamps and a bridge ?!

Quite expensive, knowing a (remote) LED light controller costs only about 25$ and a LED (color)strip costs about 30$ ..

This can be hacked -way cheaper- through a microcontroller like Arduindo ..

People always say this. Do it and post the results. Your toy will not do a fraction of what Hue does. If you do the math the Hue hub is about $20. The 55 watt equiv. bulbs create a mesh network. There's more but you've got some soldering to do.

Sooo...

[MrL0G1C]

So, what happens when your lights crash?

Future

[MrL0G1C]

Toaster of 2113:

Takes 2 minutes to boot, has 16 Yottabytes of memory and 2 Xenabytes of permanent storage.

After you put your toast in it, it rejects it on the basis that you've had too much white bread this week and the company doesn't want to be held liable for serving you more unhealthy food. ...After putting some brown bread in the toaster, the toaster plays an ad for some other food you can't eat whilst analyzing the DNA of the bread and checking that the seeds that made the bread were correctly licensed from Monsanto.

Re:Future

[thunderclap]

http://www.youtube.com/watch?v=2KyRCQp32p8 amityville toaster

Why

do hese companies think that people want everything in their home to connect to the internet? I can see my PC, my tablet, my kindle, and my roku. Maybe a smartphone if I had one. Nothing else needs an internet connection for any reason! No my TV will never have a camera and a microphone! The only reason for a TV to have a camera and mic is to violate my privacy.

Same with other appliences and systems in my home. I have a "dumb" phone because a smartphone makes it too easy for my privacy to be violated in too many ways to count! Even then my "dumb" cell phone spends most of its time turned off and in a carry bag with my tablet and Kindle.

If the time ever comes that I cannot get a TV without camera and mic, I will stream video to my laptop. It doesn't have a camera, and its mic is disconnected. So called "smart appliences" that connect to the internet are just another way to violate peoples privacy.