Editorials

Usability and Security Should not be Mutually Exclusive in IoT-Connected Lighting

Interoperability is the goal for many Internet of Things devices. However, one issue that is often overlooked in the installation of Internet-connected devices, including lighting, is the security of such systems. The multi-protocol compatibility that allows interoperability can expose such devices to the security issues of each of those protocols. The cost of using such convenient lighting controls should not be the security of computer networks and clouds.

A relatively recent New York Times article revealed that the key card system of a luxury hotel in Austria was hacked. Guests could not get into their rooms, and new key cards would not work. The hackers demanded $2000 to give the hotel back control of the key card system. The owner of the hotel, which has rooms averaging about $550 per night, decided to pay the ransom and has gone back to using old-fashioned keys to prevent hacking.

Ransomware Has Become the Modern Form of Piracy

Hackers asking for ransom has become a modern version of piracy. Unfortunately, the hotel hack is not an isolated incident. In a much more malicious and potentially dangerous incident, a hospital in Los Angeles was hacked, and the hackers took control of the medical records system. The hackers demanded $17,000 before they would allow the hospital employees to access the critical medical records. In a hospital setting, medical records can mean life or death for patients.

Experts warn that paying such ransoms just encourages and likely funds similar schemes. Many times hackers do not even have to have physical access to systems to gain control. For example, hackers in a nearby parking garage have taken control of systems.

Testing for Security Vulnerabilities is Not a One-time Thing

A recent study by IBM Security and the Ponemon Institute found that 80% of respondents do not routinely test their IoT apps for security vulnerabilities. That makes it much easier for criminals to exploit IoT security vulnerabilities to steal, spy, or even cause physical harm.

While lighting in an office or business is not, in and of itself, a life-or-death issue like healthcare records, having lights go out can disrupt business and make customers want to leave. I could envision a somewhat less malicious hacker taking control of the lighting and keeping it off to disrupt productivity until a ransom is paid. Such hacking could be costly for business, and it can be mostly preventable with security built into the lighting system.

Osram found that its Lightify bulbs had been hacked. Osram has since worked to correct the issue.

ZigBee, a lighting control standard that was meant to be secure, was also found to have some security flaws that could be exploited. For this reason, as of at least two years ago, Philips Hue bulbs, which use the ZigBee protocol, could be hacked, according to experts. The experts showed that compromising a single bulb could infect nearby bulbs within minutes even if the bulbs were not part of the same. Philips has worked to correct the issue since then.

According to Tobias Zillner and Sebastian Strobl, security experts at Cognosec, what allowed them to overcome the security of ZigBee was the fact that no physical access was required, no knowledge of the secret key was necessary, and with ZigBee (at least according to them as of 2015) usability overrides security issues.

These two security experts warned that many connected lighting systems use security that is equivalent to passing plain-text passwords. This is unacceptable. The industry should learn that, ideally, IoT-connected lighting products should not have to compromise on security to obtain their usability.
