Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Agenda

You are here

Home » Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security
Tweet

connect with us

Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security

Authors: 

Temitope Oluwafemi, Tadayoshi Kohno, Sidhant Gupta, and Shwetak Patel, University of Washington

Abstract: 
  • Background. With a projected rise in the procurement of home automation systems, we experimentally investigate security risks that homeowners might be exposed to by compact fluorescent lamps (CFL), where the lamps themselves do not have network capabilities but are controlled by compromised Internet-enabled home automation systems.
  • Aim. This work seeks to investigate the feasibility of causing physical harm—such as through the explosion of CFLs—to home occupants through an exploited home automation system.
  • Method. We set up a model of a compromised automated home; placing emphasis on a connected Z-Wave enabled light dimmer. Four distinct electrical signals were then applied to two different brands of CFLs connected to a Z-Wave enabled light dimmer until they popped or gave way.
  • Results. Three of ten CFLs on which we conducted our experiments popped, although not to the degree of explosions we expected. The seven remaining CFLs gave way with varying times to failure indicating process and design variations. We did find that it was possible to produce fluctuations at an appropriate frequency to induce seizures. We were also able to remotely compromise a home automation controller over the Internet. Due to timing constraints, however, we were only able to compromise the light bulbs via an adversary-controlled device using open-zwave libraries, and not via the compromised controller.
  • Conclusions. Our results demonstrated that it will be hard for an attacker to use the described methods to harm homeowners, although we do demonstrate the possibility of attacks, particularly if the homeowner suffers from epilepsy. However, and more importantly, our work demonstrates that non-networked devices—such as light bulbs—might be connected to networked devices and hence can be attacked by remote adversaries.

Temitope Oluwafemi, University of Washington

Tadayoshi Kohno, University of Washington

Sidhant Gupta, University of Washington

Shwetak Patel, University of Washington

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {179014,
author = {Temitope Oluwafemi and Tadayoshi Kohno and Sidhant Gupta and Shwetak Patel},
title = {Experimental Security Analyses of {Non-Networked} Compact Fluorescent Lamps: A Case Study of Home Automation Security},
booktitle = {LASER 2013 (LASER 2013)},
year = {2013},
isbn = {978-1-931971-06-5},
address = {Arlington, VA},
pages = {13--24},
url = {https://www.usenix.org/laser2013/program/oluwafemi},
publisher = {USENIX Association},
month = oct,
}
Download
Oluwafemi PDF
  • Log in or    Register to post comments

© USENIX

  • Privacy Policy
  • Contact Us