It’s one of the most chilling lines from the movies of the 20th century. My namesake and hometown hero Sir Laurence Olivier repeatedly asked Dustin Hoffman “Is it safe?” while torturing him in a dentist’s chair in the movie classic Marathon Man.

Hoffman’s character’s problem was that he didn’t know what “it” was. So how could he answer?

The recent story that reminded me of this particular movie scene was one from the world of cybersecurity. And it’s a story that just goes to show that in today’s IoT world, that unsafe “it” could be almost anything.

It seems that last year, hackers from Check Point Research (fortunately the “good guys”) found that there were vulnerabilities in the ZigBee wireless protocols used to control a very mundane object – a smart lightbulb.

The lamp in question, the Philips Hue, offers users the ability to control not only the brightness but also the colour of the illumination from a wirelessly connected control bridge.

The Check Point hackers went on to demonstrate that it would be relatively easy for a malicious actor to take control of one of these devices wirelessly from anything up to 100m away.

Once in control of the lightbulb, they simulated a malfunction in the lamp while injecting malicious code that could be used to take over the control bridge for the lighting network once the user had rebooted the lamp to clear the fault.

Once the control bridge had been taken over, they could then target any connected computer network.

This would give them the opportunity to inject malware, ransomware and any other form of mischief into computers that might later be connected to a work network, or even a control system.

So could a compromised lightbulb shut down a production line? It hardly seems likely, but it is certainly possible.

Needless to say, the Check Point team revealed their findings to the manufacturer of the lightbulbs, which closed the loophole and issued a firmware security patch that would be automatically uploaded to all devices in the field.

While that particular vulnerability has been resolved, it does go to show exactly how a security weak point in any connected device – however insignificant – could be exploited to attack major IT and OT assets.

With more and more devices joining the Internet of Things each day, we really should all be asking ourselves “Is it safe?”… just as soon as we can work out what “it” is.
