"Smart" light bulbs promise energy efficiency and customizable features for homeowners, like remote-controlled mood lighting. But are they also a security risk? Maybe so, according to a recent study that explored how cybercriminals can use popular smart bulb brands to target people's personal information.
Shoppers spent nearly $8 billion on smart bulbs last year, according to researchers at the University of Texas at San Antonio. That amount is expected to more than triple to $28 billion in less than a decade as homeowners increasingly link their abodes to the internet.
But the report — which looked at smart bulb brands including eufy, Geeni, LIFX, MagicLight, Nanoleaf, Philips Hue and Teckin — found that the devices come with their own risks when not properly safeguarded from cyberattacks.
"Think of the bulb as another computer," said Murtuza Jadliwala, computer science professor at University of Texas at San Antonio. "These bulbs are now poised to become a much more attractive target for exploitation even though they have very simple chips."
Like the internet, some smart bulbs that are infrared-enabled can be controlled by hackers who use the infrared wavelength to directly access data on a person's home digital network. That includes text messages, photos and videos on any computer or mobile device. Owners may not even be aware of the hack since it came from within their home's own network.
"Most users don't know that the invisible wave spectrum can be controlled. You can misuse those lights," Jadliwala said.
Anindya Maiti, a co-author of the report, said the researchers tested smart bulbs for their vulnerability to being hacked from distances of 50 meters, meaning hackers would have to operate from within that distance to target users. But Maiti didn't rule out attacks from even longer distances.
In the short term, the researchers advise shoppers to search for smart bulbs that require a smart home hub, a centralized software device where internet-connected devices can communicate directly with each other instead of the WiFi network.
That can make it more difficult for hackers to access a home. But the researchers said it is even more important for manufacturers to build in authentication protocols to verify owners, such as when a mobile application asks a smartphone user for permission before accessing a camera or microphone.
Smart bulbs aren't the only web-enabled home devices to have raised privacy concerns of late. Earlier this year, for instance, reports surfaced about an Illinois couple who saidthrough one of their Google Nest security cameras. The couple suspected the hacker even raised their thermostat to 90 degrees.