Researchers from the University of Texas published a paper on evaluating the novel attacks that take advantage of connected lights that create a new attack surface, which can be maliciously used to violate users privacy and also steal confidential data from people.
The research paper evaluates the feasibility of exploiting smart light’s infrared lighting functionality of and to exfiltrate the user private data secretly from the secured personal devices like smartphone or computers.
Attackers can launch such a novel attack by carefully manipulating the infrared light by creating a covert-channel communication between the smart lights and the device that senses the infrared light. By having a malicious agent installed on the phone the attackers can encode the private data and transfer them through the infrared covert channel.
This research shows that connected smart light can be used as a covert-channel to exfiltrate the user’s private data by taking advantage of light emitted by modern smart bulbs.
Researchers have taken the two popular LIFX and Phillips Hue smart light systems that support millions of colors for examination.
So when next time you work under those magic lights, keep in mind that those lights could be extracting your information too.