Trash Can Attack
What do you do with a broken light bulb? Throw it in the trash can, of course. Yes, this may include segregation and recycling, but generally the common procedure is simply to replace a broken bulb. We've been doing this for 150 years.
So what do you do with a broken smart light bulb? Are you aware it contains your network credentials? It can be removed from the trash can and passwords can be extracted from its memory. Then the passwords can be used to access your network.
Of course there are many methods to protect against such an attack, but most IoT vendors today do not care. If your smart device happens to be a WiFi device, it can reveal your WiFi password too, as was the case with LifX.
LifX uses integrated SoCs (System-on-Chips), which are processors with RAM and Flash memory together, but keeps the JTAG interface open, which means it is possible to dump the memory and extract the keys.
Other vendors offer wireless chips that do not have integrated storage. The Flash memory chip is separate, which means you can simply connect to the memory and read its contents, including network keys.
A good level of protection can be achieved when the processor is integrated with Flash memory and all debugging interfaces are disabled. In such a case, extracting keys from trashed devices is much more difficult and requires rather expensive equipment.
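For a vendor or tester who wants to check whether a device is exposed in the way described above, the following added example (not code from the original post or from any vendor) scans a flash image read from your own test unit for the credentials you provisioned into it. It also looks for the WPA2 pairwise master key derived from the passphrase, which is just as usable for joining the network. The SSID, passphrase, record layout and function names are constructed for illustration.

```python
import hashlib

def credential_forms(ssid: str, passphrase: str) -> dict[str, bytes]:
    """Byte patterns that would let whoever reads the flash join the network."""
    # WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32).
    # A stored PMK is as sensitive as the passphrase itself.
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return {
        "passphrase (ASCII/UTF-8)": passphrase.encode(),
        "passphrase (UTF-16LE)": passphrase.encode("utf-16-le"),
        "WPA2 PMK (raw)": pmk,
        "WPA2 PMK (hex text)": pmk.hex().encode(),
    }

def audit_flash_image(image: bytes, ssid: str, passphrase: str) -> list[tuple[str, int]]:
    """Return (form, offset) for every cleartext occurrence of a credential form."""
    findings = []
    for label, pattern in credential_forms(ssid, passphrase).items():
        offset = image.find(pattern)
        while offset != -1:
            findings.append((label, offset))
            offset = image.find(pattern, offset + 1)
    return sorted(findings, key=lambda f: f[1])

# Constructed test credentials, provisioned only into the sample image below.
TEST_SSID = "lab-test-net"
TEST_PASSPHRASE = "constructed-test-passphrase"

def build_sample_image(store_plaintext: bool) -> bytes:
    """Constructed 4 KiB image: erased flash (0xFF) with a config record at 0x800."""
    image = bytearray(b"\xff" * 4096)
    pmk = credential_forms(TEST_SSID, TEST_PASSPHRASE)["WPA2 PMK (raw)"]
    record = TEST_SSID.encode() + b"\x00"  # the SSID alone is not a secret
    if store_plaintext:
        record += TEST_PASSPHRASE.encode() + b"\x00" + pmk
    image[0x800:0x800 + len(record)] = record
    return bytes(image)

if __name__ == "__main__":
    image = build_sample_image(store_plaintext=True)
    for label, offset in audit_flash_image(image, TEST_SSID, TEST_PASSPHRASE):
        print(f"0x{offset:04x}  {label}")
```

An empty result only rules out these four encodings; credentials stored under a fixed obfuscation or a key that sits in the same flash are still recoverable from a discarded device.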
The problem is not taken care of by IoT networking standards either. All low power networks today rely on shared secrets rather than on asymmetric PKI, and there are no easy ways to change the encryption keys and IVs (initialization vectors) after a device dies and is thrown into a trash can.
Savvy users will remember to cut the broken lamps into pieces when disposing of them, but most won't. The problem is also much more serious for smart cities and public spaces, where devices can simply be stolen to extract keys and perform various attacks.