Editorials

Usability and Security Should not be Mutually Exclusive in IoT-Connected Lighting

Interoperability is the goal for many Internet of Things devices. However, one issue that is often overlooked in the installation Internet-connected devices including lighting is the security of such systems. This multi-protocol compatibility that allows interoperability can open up such devices to the security issues of those multiple protocols. The cost of using such convenient lighting controls should not be the security of computer networks and clouds.

A relatively recent New York Times article revealed that a luxury hotel in Austria that had key cards was hacked. Guest could not get into their rooms, and new key cards would not work. The hackers demanded $2000 to give the hotel back control of the keycard system. The owner of the hotel, which has rooms averaging about $550 per night, decided to pay the ransom and has gone back to using old fashioned keys to prevent hacking.

Ransomware has become the Modern form of Piracy

Hackers asking for ransom has become a modern version of piracy. Unfortunately, this is not an isolated incident. In a much more malicious and potentially dangerous incident, a hospital in Los Angeles was hacked, and the Hackers took control of the medical records system. The hackers demanded $17,000 before they would allow the hospital employees to access the critical medical records. In a hospital setting, medical records can mean life or death for patients.

Luxeon High Power

Experts warn that paying such ransoms just encourages and likely funds similar schemes. Many times hackers do even have to have physical access to systems to gain control. For example, hackers in a nearby parking garage have taken control of systems.

Testing for Security Vulnerabilities is Not a One-time Thing

A recent study by IBM Security and the Ponemon Institute found that 80% of respondents do not routinely test their IoT apps for security vulnerabilities. That makes it much easier for criminals to exploit IoT security vulnerabilities to steal, spy, or even cause physical harm.

While lighting in and of itself in an office or business is not the life-or-death issue like healthcare records, having lights go out can disrupt business and make customers want to leave. I could envision a somewhat less malicious hacker controlling the lighting and keeping it off until a ransom is paid to disrupt productivity. Such hacking could be costly for business, and it can be mostly preventable with security built into the lighting system.

Osram found that its Lightify bulbs had been hacked. Osram has since worked to correct the issue.

Zigbee lighting controls, a standard that was meant to be secure, was also found to have some security flaws that could be exploited. For this reason as of at least as of two years ago, Philips hue bulbs, which use ZigBee protocol, could be hacked, according to experts. The experts showed that compromising a single bulb could infect nearby bulbs within minutes even if the bulbs were not part of the same. Philips has worked to correct the issue since then.

According to Tobias Zillner and Sebastian Strobl, security experts at Cognosec, what allowed them to overcome the security of ZigBee was the fact that, no physical access was required, no knowledge of the secret key was necessary, and with ZigBee (at least according to them as of 2015) usability overrides security issues.

These two security experts warned that many connected lighting systems use security that is equivalent to passing plain text passwords. This is unacceptable. The industry should learn that ideally, IoT-connected lighting products should not have to compromise on security to obtain their usability.

More Recent Commentaries and Editorials

Trade Restrictions Bad for All U.S. LED Business (Updated)
Regardless of whether or not we want them, trade restrictions and tariffs are here for goods coming into the U.S. from abroad. I suspect other countries will impose their own tariffs on U.S. goods as…
Read More
Smart Grow Lights, One of the Best Value-Added IoT Applications Yet
Smart grow lights may be the most value-added Internet-connected lighting application yet. A plant growth environment must have the ideal conditions for each stage of plant growth. So, an entirely…
Read More
Study Linking Street Lights to Cancers Has Some Important Flaws
A recently released study has found a link between exposure to blue light of street lights and incidence of breast and prostate cancer. The study was conducted by researchers at the Barcelona…
Read More
Bluetooth and Bluetooth Mesh Compliment IoT
Numerous people have asked me about the Internet of Things. One question that I have gotten several times is something like, "The Internet of Things, that's like when your phone connects to your…
Read More
PoE Lighting and its Role in the future of IoT
In January and February of each year companies announce new product offerings. Just this month, Philip Lighting reported that the company deployed its first Power Over Ethernet lighting system in a…
Read More