It’s one of the most chilling lines from the movies of the 20th century. My namesake and hometown hero Sir Laurence Olivier repeatedly asked Dustin Hoffman “Is it safe?” while torturing him in a dentist’s chair in the movie classic Marathon Man.

Hoffman’s character’s problem was that he didn’t know what “it” was. So how could he answer?

The recent story that reminded me of this particular movie scene was one from the world of cybersecurity. And it’s a story that just goes to show that in today’s IoT world, that unsafe “it” could be almost anything.

It seems that last year, hackers from Check Point Research (fortunately the “good guys”) found that there were vulnerabilities in the ZigBee wireless protocols used to control a very mundane object – a smart lightbulb.

The lamp in question, the Philips Hue, offers users the ability to control not only the brightness but also the colour of the illumination from a wirelessly connected control bridge.

The Check Point hackers went on to demonstrate that it would be relatively easy for a malicious actor to take control of one of these devices wirelessly from anything up to 100m away.

Once in control of the lightbulb, they simulated a malfunction in the lamp while injecting malicious code that could be used to take over the control bridge for the lighting network once the user had rebooted the lamp to clear the fault.

Once the control bridge had been taken over, they could than target any connected computer network.

This would give them the opportunity to inject malware, ransomware and any other form of mischief into computers that might later be connected to a work network, or even a control system.

So could a compromised lightbulb shut down a production line? It hardly seems likely, but it is certainly possible.

Needless to say, the Check Point team revealed their findings to the manufacturer of the lightbulbs, which closed the loophole and issued a firmware security patch that would be automatically uploaded to all devices in the field.

While that particular vulnerability has been resolved, it does go to show exactly how a security weak point in any connected device – however insignificant – could be exploited to attack major IT and OT assets.

With more and more devices joining the Internet of Things each day, we really should all be asking ourselves “Is it safe?”… just as soon as we can work out what “it” is.

Related news & editorials

  1. 25.08.2021
    by      In
    With the global landscape being so unsettled, it’s great to be coming on board a publication that connects Australian businesses, supports local production and encourages economic growth.
    We can all look forward to enjoying the results of the government’s recent $1.5billion investment into its... Read More
  2. 16.06.2021
    by      In
    Welcome to our bumper 72-page June/July edition of Industry Update, coming to you on the back of a resurgence in economic activity in Australia, manufacturing included. For example, the Ai Group’s Performance of Manufacturing Index for May recorded an eighth consecutive month of recovery, the... Read More
  3. Photo of editor
    by      In
    Thank you for reading Industry Update, which is now in its 26th year of publication. Our print edition has 76,968 readers who page through it to stay on top of what’s happening in both manufacturing and in industry in general. You can read the online edition of our April/May magazine here.
    Industry... Read More
  4. Editor Barry O’Hagan
    by      In , In
    Industry Update would like to give a warm welcome to our new editor, Barry O’Hagan.
    Barry brings a wealth of experience to the role, having worked as a media professional for more than 25 years.
    A former newspaper and magazine journalist, he has a passion for telling the stories of businesses and... Read More