IoT Software vulnerability in the IKEA TRÅDFRI smart lighting system
by The Production Team

Researchers at the Synopsys Cybersecurity Research Center (CyRC) have discovered an availability vulnerability in the IKEA TRÅDFRI smart lighting system.

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control.

To illustrate how this would affect a user, Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Center, demonstrates how an attacker can exploit the vulnerability in smart lighting in this short one-and-a-half-minute video (https://youtu.be/5BwiyaWg_8o). The demo also highlights how dangerous it can be if an attacker disrupts or controls other smart IoT devices such as home security systems, smart door locks, thermostats, smoke detectors, kitchen appliances and more.

For more details on the vulnerabilities, please visit:

https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/

Hui Peng & Pauline
McGallen & Bolden Pte Ltd
Email: prsg@mcgallen.com
Tel: +65 3158 8688  |  HP/WhatsApp: +65 96164869

###

About the Synopsys Software Integrity Group

Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As an S&P 500 company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and offers the industry’s broadest portfolio of application security testing tools and services. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing more secure, high-quality code, Synopsys has the solutions needed to deliver innovative products. Learn more at www.synopsys.com.

The Production Team

The KBI Production Team write and hunt down the information security professionals need to know. They present news updates and thought-piece articles designed to provide educational content and insights for the industry. You can reach out with any ideas or requests for subject coverage to production@kbi.media with your message.
