Latest Ikea lightbulb set may cause new botnet attack, cybersecurity group warns

By @amunrhantareon
People walk alongside an IKEA outlet in Prague, February 25, 2013. Reuters/Petr Josek

The new Ikea lightbulb is the latest in its line of "Home Smart" products. However, it seems the popular do-it-yourself (DIY) company's new product may pose a cybersecurity risk.

The new gadgets are designed in keeping with the company's iconic "DIY" brand. The bulbs are touted as "Plug-and-Play" because they are compatible with standard socket sizes.

The gadgets are also available in different styles and colour options. One light bulb variant has adjustable brightness controlled with a magnetic remote. Another bulb comes with a motion sensor kit, so the lights can turn on automatically as users walk in.

The lightbulbs can be controlled through a smartphone application. However, experts believe the "smart bulbs" can pose a cybersecurity risk for users worldwide.

The risk comes from what is known as a "botnet," a network of computers or gadgets that are controlled through malicious software. A notable characteristic of a botnet is that its devices are controlled by a third party without the original owner's knowledge.

A botnet can be used to launch distributed denial-of-service (DDoS) attacks on a server. This means multiple hacked devices can "ping" servers and eventually cause them to overload. This can shut down entire websites and render applications useless.

The fear of hackers exploiting the Ikea lightbulbs may have come from a recent attack in September 2016. Numerous websites were shut down as hackers took over 145,000 cameras over the course of a few days.

This DDoS attack was carried out by a botnet with a capacity of at least 1.5 terabits per second. The attack caused websites such as security news site KrebsOnSecurity and web hosting company OVH to shut down.

Another attack occurred a month later, in October 2016. This time, hackers launched a large DDoS attack against Dyn, a major DNS host. This caused huge websites such as Twitter, Spotify and Reddit to shut down for a few hours. Experts also said these attacks may become more common in the next few years.

A website that is shut down can halt the progress of entire companies and relevant infrastructure. This can disrupt projects and potentially cause harm, especially if the attack is directed at servers for airports or traffic.

Security firm Kaspersky recommends that users take precautions to avoid becoming "part" of the botnet. These include not using default passwords on devices and keeping gadgets updated. Users should also check whether they need to connect a new device to the Internet.

According to the Sun, cybersecurity group Hackaday said it might be a matter of time before hackers find a way to infiltrate the smart device. However, an Ikea representative said the new smart bulbs "comply with all regulatory requirements." It also said the bulbs have a "closed platform solution" that secures the smart products. 

Interested users can buy products under the new "smart" Ikea lightbulb line starting from £15 (US$18, AU$24). These include a wide variety of LED bulbs with special features.