It’s one of the most chilling lines from the movies of the 20th century. My namesake and hometown hero Sir Laurence Olivier repeatedly asked Dustin Hoffman “Is it safe?” while torturing him in a dentist’s chair in the movie classic Marathon Man.

Hoffman’s character’s problem was that he didn’t know what “it” was. So how could he answer?

The recent story that reminded me of this particular movie scene was one from the world of cybersecurity. And it’s a story that just goes to show that in today’s IoT world, that unsafe “it” could be almost anything.

It seems that last year, hackers from Check Point Research (fortunately the “good guys”) found that there were vulnerabilities in the ZigBee wireless protocols used to control a very mundane object – a smart lightbulb.

The lamp in question, the Philips Hue, offers users the ability to control not only the brightness but also the colour of the illumination from a wirelessly connected control bridge.

The Check Point hackers went on to demonstrate that it would be relatively easy for a malicious actor to take control of one of these devices wirelessly from anything up to 100m away.

Once in control of the lightbulb, they simulated a malfunction in the lamp while injecting malicious code that could be used to take over the control bridge for the lighting network once the user had rebooted the lamp to clear the fault.

Once the control bridge had been taken over, they could than target any connected computer network.

This would give them the opportunity to inject malware, ransomware and any other form of mischief into computers that might later be connected to a work network, or even a control system.

So could a compromised lightbulb shut down a production line? It hardly seems likely, but it is certainly possible.

Needless to say, the Check Point team revealed their findings to the manufacturer of the lightbulbs, which closed the loophole and issued a firmware security patch that would be automatically uploaded to all devices in the field.

While that particular vulnerability has been resolved, it does go to show exactly how a security weak point in any connected device – however insignificant – could be exploited to attack major IT and OT assets.

With more and more devices joining the Internet of Things each day, we really should all be asking ourselves “Is it safe?”… just as soon as we can work out what “it” is.

Related news & editorials

  1. Photo of editor
    by      In
    Thank you for reading Industry Update, which is now in its 26th year of publication. Our print edition has 76,968 readers who page through it to stay on top of what’s happening in both manufacturing and in industry in general. You can read the online edition of our April/May magazine here.
    Industry... Read More
  2. Editor Barry O’Hagan
    by      In , In
    Industry Update would like to give a warm welcome to our new editor, Barry O’Hagan.
    Barry brings a wealth of experience to the role, having worked as a media professional for more than 25 years.
    A former newspaper and magazine journalist, he has a passion for telling the stories of businesses and... Read More
  3. Annamarie Reyes
    by      In
    As if we are not being tested enough already, our Covid normal now asks us to get used to intermittent lockdowns on our state borders.
    Early this year we witnessed in WA how mid-flight passengers were made aware of a snap lockdown after a single case of Covid-19 was sourced to a quarantine worker... Read More
  4. If you were unlucky enough to be on a plane mid-flight when the lockdown was imposed, you have to go into lockdown as well.
    by      In , In
    One case. Just one case of Covid-19 from a hotel quarantine security guard in Perth has caused Premier Mark McGowan to announce a snap lockdown of the city and two regions in Western Australia.
    But what about people on their way to Perth on business? Those in the manufacturing industry need to... Read More