Smart bulbs turn dumb: Lights out for Philips as Hue API goes dark

Which bright spark should we blame after this illuminating revelation of current affairs?


Philips' Hue smart-home lighting has had an embarrassing outage with its API going offline for four hours on Thursday, preventing customers from accessing the system remotely.

On the same day that the company launched its new service – where its lights will respond automatically to streaming music and games – the system died for anyone trying to activate the hardware while outside their house, or using voice control. In-home control was unaffected.

The loss of remote control mirrors a similar outage with Nest earlier this month where customers were unable to use the Nest app remotely to unlock doors or turn off/on its security alarm.


Neither company has provided an explanation for what went wrong, but based on anecdotal reports and a rough understanding of how the systems work, it looks a lot like a DNS issue in both cases.

That could be a misconfigured DNS server, or a mistake in the code of a software update, or possibly a DDoS attack on specific servers from potential extortionists. We have asked both companies for a more detailed explanation.

"We are aware of the current issue linked to remote connectivity (out of home, voice control). We're working hard to solve the issue asap," the biz stressed on its Twitter account.

An hour later it promised it was making progress on the issue, and three hours after that it said the issue was "Solved! All systems are good to go" before offering "sincere apologies for the inconvenience caused. We are fully investigating the root cause to avoid and prevent any reoccurrence."

Worried?

It's hard to make much from that message, but the fact that voice control was affected whereas local control wasn't would strongly suggest an internet-based problem, because we understand that voice commands on the Hue system are sent up to the company's servers to be understood and then the relevant control is sent back down to the system.

We can't really think of any good reasons why remote control of Hue lights would be useful. But that is beside the point: the one big factor preventing a broader uptake of smart home products is the concern that their connection to the larger internet opens the system up to potential hacking, or unexpected problems.

Such as earlier this month when Amazon's Alexa went rogue and decided it had heard one couple telling it to send a message to someone in the husband's contacts list, and then recorded and sent a discussion about hardwood floors to one of his employees without them realizing.

The outages themselves are often short-lived and so far we haven't seen any connection to hacking or the theft of information, but they are a constant reminder that connecting anything to the internet brings with it risks. ®



Biting the hand that feeds IT © 1998–2021