Cyber researchers have discovered a vulnerability in Ikea’s Trådfri lighting system. If this flaw is not serious, it nevertheless raises questions about the security of connected objects.
If it’s connected, we can hack it. Cyber experts have found a flaw in Ikea’s Trådfri smart lighting system. They detail their research in a report published on October 5, 2022.
Like the majority of large groups, the Swedish brand relies on the Zigbee protocol to connect connected objects. This wireless network allows the products to communicate with each other and operate in a fully automated manner. Devices may contain a radio transmitter to receive “messages”. Ikea also includes a remote control to control its lamps.
This signal between a remote control and an object, or even between the devices, can be reproduced on the lamps. A criminal can analyze the Zigbee frame, send the same message and therefore control the lighting in the house or simply turn it off. Importantly, the criminal should also be within radio range of the system, which implies that he must stay a hundred meters from the house. The owner will need to turn off their lamps to stop the attack, but the hacker can replicate it as much as they want.
The vulnerability of connected objects
A priori, it is difficult to understand how a hacker would really take advantage of this flaw, except to scare neighbors on Halloween.
Now imagine a hacker finding a matching vulnerability in another IoT device. Zigbee is today the most widely used protocol in home automation. From Samsung to Amazon, via LG, all produce devices compatible with this network. It is estimated that there are approximately 12 billion connected objects in the world. Their number will only increase in the future, and criminals will not miss this phenomenon.
