You are here
Home » Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security
Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security
Authors:
Temitope Oluwafemi, Tadayoshi Kohno, Sidhant Gupta, and Shwetak Patel, University of Washington
Abstract:
- Background. With a projected rise in the procurement of home automation systems, we experimentally investigate security risks that homeowners might be exposed to by compact fluorescent lamps (CFL), where the lamps themselves do not have network capabilities but are controlled by compromised Internet-enabled home automation systems.
- Aim. This work seeks to investigate the feasibility of causing physical harm—such as through the explosion of CFLs—to home occupants through an exploited home automation system.
- Method. We set up a model of a compromised automated home; placing emphasis on a connected Z-Wave enabled light dimmer. Four distinct electrical signals were then applied to two different brands of CFLs connected to a Z-Wave enabled light dimmer until they popped or gave way.
- Results. Three of ten CFLs on which we conducted our experiments popped, although not to the degree of explosions we expected. The seven remaining CFLs gave way with varying times to failure indicating process and design variations. We did find that it was possible to produce fluctuations at an appropriate frequency to induce seizures. We were also able to remotely compromise a home automation controller over the Internet. Due to timing constraints, however, we were only able to compromise the light bulbs via an adversary-controlled device using open-zwave libraries, and not via the compromised controller.
- Conclusions. Our results demonstrated that it will be hard for an attacker to use the described methods to harm homeowners, although we do demonstrate the possibility of attacks, particularly if the homeowner suffers from epilepsy. However, and more importantly, our work demonstrates that non-networked devices—such as light bulbs—might be connected to networked devices and hence can be attacked by remote adversaries.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {179014,
author = {Temitope Oluwafemi and Tadayoshi Kohno and Sidhant Gupta and Shwetak Patel},
title = {Experimental Security Analyses of {Non-Networked} Compact Fluorescent Lamps: A Case Study of Home Automation Security},
booktitle = {LASER 2013 (LASER 2013)},
year = {2013},
isbn = {978-1-931971-06-5},
address = {Arlington, VA},
pages = {13--24},
url = {https://www.usenix.org/laser2013/program/oluwafemi},
publisher = {USENIX Association},
month = oct
}
author = {Temitope Oluwafemi and Tadayoshi Kohno and Sidhant Gupta and Shwetak Patel},
title = {Experimental Security Analyses of {Non-Networked} Compact Fluorescent Lamps: A Case Study of Home Automation Security},
booktitle = {LASER 2013 (LASER 2013)},
year = {2013},
isbn = {978-1-931971-06-5},
address = {Arlington, VA},
pages = {13--24},
url = {https://www.usenix.org/laser2013/program/oluwafemi},
publisher = {USENIX Association},
month = oct
}
connect with us