Extended Functionality Attacks on IoT Devices: The Case of Smart Lights.

In this paper we consider the security aspects of Internet of Things (IoT) devices, which bridge the physical and virtual worlds. We propose a new taxonomy of attacks, which classifies them into four broad categories. The most interesting category (which we call functionality extension attacks) uses the designed functionality of the IoT device to achieve a totally different effect. To demonstrate this type of attack, we consider the case of smart lights (whose original functionality is just to control the color and intensity of the lights in a particular room) and show how to use them to achieve unrelated effects. In the first attack, we use smart lights as a covert LIFI communication system to exfiltrate data from a highly secure (or even fully airgapped) office building. We implemented the attack and were able to read the leaked data from a distance of over 100 meters using only cheap and readily available equipment. In another attack, we showed that an attacker can strobe the lights at a frequency which may trigger seizures in people suffering from photosensitive epilepsy (in the same way that rapidly flashing video games can cause such seizures). In our experiments, we have tested both high-end and lower-end smart light systems, ranging from an expensive Philips HUE system to a cheap system manufactured by LimitlessLED. In addition, we consider other weaknesses of the systems we tested, and propose feasible remedies for the problems we found.