Researchers Use Smart Bulb for Data Exfiltration

Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration. For their experiment, the researchers used the Magic Blue smart bulbs, which work with both Android and iOS, and which rely on Bluetooth 4.0 for communication. The devices are made by a Chinese company called Zengge, which claims to be a supplier for brands such as Philips and Osram. The bulbs are marketed as supporting Bluetooth Low Energy (Bluetooth LE or Bluetooth Smart) and the researchers focused on those using the Low Energy Attribute Protocol (ATT). Some of the bulbs are only Bluetooth Smart Ready, the researchers said.