Saturday, May 3, 2025
HomeSecurity HackerNew Research Shows Smart Light Can Be Used To Steal User’s Private...

New Research Shows Smart Light Can Be Used To Steal User’s Private Data Invisibly

Published on

SIEM as a Service

Follow Us on Google News

New research shows that connected smart light can be used as a covert-channel to exfiltrate the user’s private data by taking advantage of light emitted by modern smart bulbs.

Researchers from the University of Texas published a paper on evaluating the novel attacks that take advantage these connected lights create a new attack surface, which can be maliciously used to violate users privacy.

The research paper evaluates the feasibility of exploiting smart light’s infrared lighting functionality of and to exfiltrate the user private data invisibility from the secured personal device.

Attackers can launch such a novel attack by carefully manipulating the infrared light by creating a covert-channel communication between the smart lights and the device that senses the infrared light. By having a malicious agent installed on the phone the attackers can encode the private data and transfer them through the infrared covert channel.
- Advertisement - Google News
smart lights

Researchers have taken the two popular LIFX and Phillips Hue smart light systems that support millions of colors for examination.

Threats Taking Advantage of Audio and Video Visualizing

The smart bulbs react based on the high and low audio tones by fluctuating its output light brightness, it fluctuates more with higher audio amplitudes and less with lower audio amplitudes. Researchers observed luminance-profile suffers minor distortions across multiple recordings.

When video-visualization is turned on in the mobile app, the smart bulb reacts to the colors present in the input video stream by changing its output light color to the average RGB composition of the current frame in the video.

smart lights

The inference attack starts with the adversary recording the observed luminance-profile. To evaluate the audio and video inference and data to exfiltrate research done an experimental setup with an internal and an external observation point.

Covert Data Exfiltration

Researchers present an adversary can actively and covertly exfiltrate private data from within a smart light user’s personal device or network. This attack possible with the smart lights(LIFX) that connected through the hub with lack of permission controls.

Whereas with the Phillips Hue ecosystem with permission controls can be used in the attack only if the malicious application installed on the user’s smartphone.

smart lights

The infrared spectrum remains undetected to human eyes and it for longer durations and the channel bandwidth be a deciding factor for such type of attacks.

Mitigations for proposed threats

By reducing the light transmittance causes the attacks to perform poorly, the brightness of the bulbs can be reduced to minimize the inference attacks and to prevent the exfiltration attack, strong network rules can be enforced.

Also Read

Famous Indian Bank SWIFT/ATM System Hacked – Hackers Stolen US$13.5 Million – A High Profile Cyber Attack

A New Ransomware Attack Posed as Windows Activator Emerging in Wild With Hidden Functions

Kali Linux 2018.3 Released With lots of Hacking Tool Updates for Security Assessments

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

INDOHAXSEC Hacker Group Allegedly Breaches Malaysia’s National Tuberculosis Registry

The Indonesian hacker group "INDOHAXSEC" has allegedly breached the National Tuberculosis Registry (NTBR) of...

Europe’s Most Wanted Teenage Hacker Arrested

Julius “Zeekill” Kivimäki, once Europe's most wanted teenage hacker, has been arrested. Kivimäki, known for his involvement with the notorious Lizard Squad,...

MySQL Security Best Practices Guide – 2024

MySQL stands out for its reliability and efficiency among the various database systems available....