Latest Software Update: March 2024. We have released a major update for the Pangolin Smart Firewall app on Android and iOS which improves the readability and usability of the alerts module. Please update your app to take advantage of this new feature.

Pangolin Store

Smart lightbulbs shine new spotlight on digital spying

Smart lightbulbs shine new spotlight on digital spying

Jun 03, 2020

Filed under: CybersecurityData TheftInternet of ThingsNewsPrivacySmart DeviceSpying

When we install smart devices in hour homes, like fridges, vacuums, TVs, and

microwaves, we don’t normally think of them as security threats.

A report by cybersecurity firm Dark Cubed seems to have uncovered another new threat, one that most of us would never have imagined: smart lightbulbs.

While testing a dozen commercially available lightbulbs, the experts found security flaws. However, these vulnerabilities went beyond the normal realm of

manufacturer neglect, and they’ve even claimed that the vulnerabilities were so

glaring that they could not have been a result of oversight.

Even more concerning is the fact that the smart lightbulbs, while being tested, sent over a million communications to 3000 external servers.

The destination of these communications? The US, Germany, Hong Kong, and China.

Among the security concerns for the different hardware tested were:

  • Insufficient encryption of information transmitted

  • Encryption certificates that couldn’t be validated

  • Vulnerabilities to man-in-the-middle attacks

The connected Android apps also requested a shocking amount of permissions to:

  • Your live location

  • Record audio

  • Read and write to external storage on your phone

Additionally, at least one of the apps requested a SYSTEM_ALERT_WINDOW permission. This allows apps to launch other apps without permission, steal information from other apps, or even allow other malware to be downloaded to a device.

The most concerning thing about the study, however, is the fact that a number of the devices and their paired Android apps were sending data to Chinese servers that the experts could not decrypt.

These findings are a cause for concern because no one knows who exactly has access to this encrypted data, and what is being done with it.

At the very least, they prove to be a stark reminder that our digital privacy is not safe when left to the hands of manufacturers. It’s important that we understand and take responsibility for our online data safety.

Finally, this particular case is also a good cautionary tale that should help us remember that simple things, like lightbulbs, may not necessarily need to be upgraded and connected to the internet. At least there’s no risk when you just flip a switch on the wall.

Join the Pangolin Community

Sign up to get notified about our latest blog posts, and get updates about Pangolin!

English