IKEA Smart Bulb Vulnerability: Another Reason Not to Integrate Smart Homes?

11-10-2022 | By Robin Mitchell

Recently, researchers announced the discovery of a new security flaw found in IKEA smart bulbs that allows for remote control and ownership. What exactly is the vulnerability, how could such a vulnerability be avoided, and is this further evidence against smart homes?

IKEA Tradfri security flaw discovered

Cybersecurity researchers from the Synopsys Cybersecurity Research Center recently discovered a major security flaw in IKEA’s Tradfri range of smart bulbs. The smart home devices are designed to allow users to control light bulbs from smartphones and utilise the Zigbee network (specifically, Zigbee Light Link). However, the researchers noted that if a malformed Zigbee frame is sent to the bulb, it causes the light to blink. This blink can be disturbing, but the researchers also discovered that sending enough malformed frames causes the bulb to undergo a factory reset. This may happen because the Zigbee controller interprets multiple failed messages as a potentially serious hardware and/or software error and thus resets to a factory state to allow users to reconfigure the faulty device.

SPECIAL NOTE – After watching a video on how to reset an IKEA light bulb, it’s evident that the error arises because resetting the light bulb requires 6 on/off cycles. As such, each partial blink is interpreted as an on/off sequence.

But while initiating a factory reset may sound like a good idea in principle, it allowed the researchers to take control of the freshly reset device, thus preventing the original owner from controlling the light. Worse, there is no known fix for the bug, meaning that all IKEA smart bulbs currently in use will be vulnerable to the bug, and even users who manually reset their smart bulbs can see them quickly taken back over. Other bugs have been found in the Tradfri range of products, including the gateway, but unlike the bulb, updates can be used to prevent unauthorised access as well as unexpected system reboots.
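The reset-counter behaviour described in the special note above can be modelled in a few lines. This is an added example, not IKEA's firmware or the researchers' code: it assumes each blink is a fault-induced restart and that the SoC reports a reset cause, and every name in it is hypothetical. It contrasts a counter that counts every quick restart with one that counts only genuine power-on resets.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define RESET_CYCLES 6u /* the article: a factory reset takes 6 on/off cycles */

/* Hypothetical reset causes, as a reset-status register might report them. */
typedef enum { RESET_POWER_ON, RESET_FAULT } reset_cause_t;

typedef struct {
    reset_cause_t cause; /* why the firmware is booting */
    bool short_uptime;   /* previous run ended inside the quick-toggle window */
} boot_event_t;

/* Replays a boot history and returns true if the factory reset would fire.
 * check_cause=false: every quick restart counts (the behaviour the note describes).
 * check_cause=true : only genuine power-on resets count. */
static bool factory_reset_triggered(const boot_event_t *ev, size_t n, bool check_cause)
{
    unsigned cycles = 0; /* would live in non-volatile storage on a real device */
    for (size_t i = 0; i < n; i++) {
        bool counts = ev[i].short_uptime &&
                      (!check_cause || ev[i].cause == RESET_POWER_ON);
        cycles = counts ? cycles + 1 : 0; /* anything else breaks the sequence */
        if (cycles >= RESET_CYCLES)
            return true;
    }
    return false;
}

/* Constructed histories: six fault-induced restarts, six owner power cycles. */
static const boot_event_t FAULT_BOOTS[6] = {
    {RESET_FAULT, true}, {RESET_FAULT, true}, {RESET_FAULT, true},
    {RESET_FAULT, true}, {RESET_FAULT, true}, {RESET_FAULT, true}};
static const boot_event_t OWNER_CYCLES[6] = {
    {RESET_POWER_ON, true}, {RESET_POWER_ON, true}, {RESET_POWER_ON, true},
    {RESET_POWER_ON, true}, {RESET_POWER_ON, true}, {RESET_POWER_ON, true}};

int main(void)
{
    printf("fault boots, no cause check: %d\n", factory_reset_triggered(FAULT_BOOTS, 6, false));
    printf("fault boots, cause check:    %d\n", factory_reset_triggered(FAULT_BOOTS, 6, true));
    printf("owner cycles, cause check:   %d\n", factory_reset_triggered(OWNER_CYCLES, 6, true));
    return 0;
}
```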



How could such vulnerabilities be avoided?

By far, one of the biggest security challenges with simple IoT devices is pushing updates that fix bugs. Simpler hardware platforms are designed to be as cheap as possible, meaning they will have numerous features missing. One such feature that is often missing in cheap platforms is over-the-air update support, while another important feature is reprogrammable configuration settings through OTA updates.

But OTA updates and reprogrammable configuration bits can only go so far; sometimes, the underlying silicon can be at fault. Modern IoT SoCs, even cheap ones, combine all system resources into a single package, and this includes the CPU, memory, peripherals, and network controllers. It is perfectly possible (and does indeed happen) that network controllers or peripherals contain bugs that allow for forced reboots, arbitrary execution, or dumping of private memory. As these issues lie in the silicon, it is unlikely that any number of software updates will ever fix the vulnerabilities.

To avoid these issues, there are very few options available to engineers. By far, the most obvious solution is to choose platforms oriented around security, but of course, this introduces a price issue. No one is going to buy a smart bulb if it costs three times as much as the next smart bulb. The other option is for engineers to consider splitting a design into two distinctive parts. In the case of the light bulb, the network controller could be kept outside of the main processor, which prevents the entire system from being reset in the event of a bad frame. 

This could be taken even further with the addition of a cheaper secondary microcontroller whose sole purpose is to monitor the activity of the main processor and network controller. If any interference or abnormal behaviour is detected, the microcontroller can prevent the main processor from operating, forcing the device owner to physically cause a reboot with a reset switch.
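A sketch of the supervisor logic proposed above, as an added example rather than code from any real product: the secondary microcontroller counts unexpected restarts of the main processor and latches it off until the physical reset switch is pressed. The window, the threshold and all function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW_MS  10000u /* assumed observation window */
#define MAX_EVENTS 3u     /* assumed tolerance for unexpected restarts per window */

typedef struct {
    uint32_t stamps[MAX_EVENTS]; /* ring buffer of the latest restart times */
    unsigned count;              /* restarts seen since the last unlock */
    bool locked;                 /* latched: main processor is held in reset */
} supervisor_t;

/* Called when the main processor restarts without a mains power cycle.
 * Returns true if the supervisor is now holding it in reset. */
static bool supervisor_on_unexpected_restart(supervisor_t *sv, uint32_t now_ms)
{
    if (sv->locked)
        return true;
    sv->stamps[sv->count % MAX_EVENTS] = now_ms;
    sv->count++;
    if (sv->count >= MAX_EVENTS) {
        /* The slot about to be overwritten holds the oldest of the last
         * MAX_EVENTS restarts; unsigned subtraction survives timer wrap. */
        uint32_t oldest = sv->stamps[sv->count % MAX_EVENTS];
        if (now_ms - oldest <= WINDOW_MS)
            sv->locked = true;
    }
    return sv->locked;
}

/* Only the physical reset switch clears the latch. */
static void supervisor_on_reset_switch(supervisor_t *sv)
{
    sv->locked = false;
    sv->count = 0;
}

static bool main_mcu_may_run(const supervisor_t *sv) { return !sv->locked; }

int main(void)
{
    supervisor_t sv = {0};
    const uint32_t burst[] = {0, 500, 1000}; /* constructed restart times in ms */
    for (unsigned i = 0; i < 3; i++)
        supervisor_on_unexpected_restart(&sv, burst[i]);
    printf("after burst, main MCU may run: %d\n", main_mcu_may_run(&sv));
    supervisor_on_reset_switch(&sv);
    printf("after reset switch, may run:   %d\n", main_mcu_may_run(&sv));
    return 0;
}
```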

Does this add to the growing pile of evidence against smart homes?

If there is one fact that this bug clearly supports, it’s that future IoT devices simply cannot be based on simple SoCs with limited memory and limited security features. By far, the best solution for an IoT network is one where every IoT device is a computer in its own right, running an operating system with numerous advanced features, including malware detection, device management, reporting, and remote OTA updates.

Of course, such microcomputer systems would be extremely costly and bulky, but developments in the field of computing could soon make this viable, mainly thanks to the advances in mobile processor tech. Even if the operating system run by an individual IoT device is a heavily stripped-down version of Linux, having the complex software capabilities offered by such an OS would grant significant capabilities to that device.

But the use of such an OS could introduce new bugs and flaws through poorly written code, and this may, in turn, make IoT devices just as vulnerable (if not more). Furthermore, such an OS will still struggle to solve hardware bugs, which is why future electronics may start to shift towards FPGA designs. The era of software-defined hardware will see reprogrammable circuits have the ability to recover from hardware bugs, thus potentially increasing the lifespan of installed hardware. 

However, as things currently stand in the field of IoT, smart homes provide little benefit when considering how the smart device market is full of bugs and flaws, some of which cannot be fixed. Worse, devices with known bugs may remain on the market for months at a time before bugs are announced to the public. 

Should you set up a smart home? At this point in time, I would say no.


Robin Mitchell is an electronic engineer who has been involved in electronics since the age of 13. After completing a BEng at the University of Warwick, Robin moved into the field of online content creation, developing articles, news pieces, and projects aimed at professionals and makers alike. Currently, Robin runs a small electronics business, MitchElectronics, which produces educational kits and resources.