FIGURE 1-19. Tagging a Facebook photo that is completely black
Another issue to consider is authorized sessions stored in the IFTTT platform. Users can
sign up and associate powerful platforms such as Facebook, Dropbox, Gmail, etc. A compro-
mise of IFTTT’s infrastructure, the infrastructure of other associated platforms, the user’s
IFTTT accounts, or other platform accounts could be abused by attackers to influence the state
of the bulbs via recipes that are in use.
This potential issue is a good example of considerations relating to the upcoming wave of
interoperability between IoT devices and cloud platforms. It is only a matter of time before we
will begin to see attacks that exploit cross-platform vulnerabilities to influence IoT
infrastructures.
Conclusion
We have come to depend on lighting for convenience, as well as for our safety and for the
functioning of our societies and economies. For this reason, the IoT devices that control light-
ing must include security as part of their architecture and design.
The Philips hue lighting system is one of the more popular IoT devices in the market
today. This chapter has presented various security issues for this system, including funda-
mental issues such as password security and the possibility of malware abusing weak authori-
zation mechanisms to cause sustained blackouts. We also discussed the complexity of
CONCLUSION 35