430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts demonstrate how to exfiltrate data using smart bulbs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0. The devices are manufactured by the Chinese company called […]

smart bulbs analysis

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration.

Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration.

The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0. The devices are manufactured by the Chinese company called Zengge and could be controlled using both Android and iOS apps.

The company supplies major brands like Philips and Osram etc.

The experts focused their study on devices using the Low Energy Attribute Protocol (ATT) to communicate.

The first test made by the experts consisted of sniffing communication between the smart bulbs and the paired Mobile Application. The pairing method used by the researcher is Just Works.

The experts paired the Android mobile phone with the iLight app and started sniffing the traffic while changing the colors of the smart bulbs.

In this way, the researchers discovered the commands sent by the mobile app to the smart bulbs. The team made a reverse engineering of the Mobile Application using the jadx tool.

 smart bulbs analysis

Once gained the complete control of the bulbs, experts started working on an application that leverages the light of the bulbs to transfer information from a compromised device to the attacker.

“The main plan for exfiltration was to use light as a channel to transfer information from a compromised device to the attacker. Light can achieve longer distances, which was our goal.” reads the analysis published by the experts.

“Imagine the following attack scenario: a BLE device (smartphone) gets compromised with malware. The malware steals the user’s credentials. The stolen information is sent to an attacker using a BLE light bulb nearby.”

smart bulbs analysis 2

Checkmark experts used a smartphone connected to a telescope to receive the exfiltrated data without raising suspicion.

The researchers created two applications for the data exfiltration, one installed on the victim’s mobile device and the other users on the attacker’s mobile device to receive and interpret the data.

The application installed on the victim’s device modulates the light intensity to transfer data, it runs in either Normal or Stealth mode. The Stealth mode is hard to detect to the victim’s eye because it uses the shades of blue.

“We created two apps, the first app for sending the exfiltrated data and a second one for receiving it. The app that transmits the information changes the blue light intensity – weaker for binary 1 and stronger for binary 0. The app has two options: Normal mode and Stealth mode. The first one may be visible to human-eye and the stealth mode is very hard to detect because of the variations of shades of blue used.” continues the experts.

Below a video PoC created by the experts.

“These methods will work on every smart bulb that allows control by an attacker. In the future, we would like to create a better proof of concept that allows us to test a database of vulnerable bulbs and even implement AI to learn and implement new bulbs along the way,” Checkmarx concludes.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – data exfiltration, smart bulbs)

[adrotate banner=”5″]

[adrotate banner=”13″]