>while in the case of video visualizations, the modifications reflect the dominant color and brightness level in the current video frame.
How does this leak anything that your TV screen doesn't leak already?
This just in! People outside your window can see what color your TV screen is glowing! People at particular angles can retrieve a 4K visual representation of the media you're viewing!
They take a smart lightbulb with certain features: infrared and media decoders.
They specifically hijack the infrared portion of the bulb's spectrum only. Why?
Because standing right next to the bulb, you wouldn't notice it flickering hot/cold, at millisecond intervals. So they can create a channel in the IR range to send anything they want, and go unnoticed.
So, then, at any time (not just while you are watching movies) that bulb can be made to send any information, and not just add atmosphere to your viewing habits. Indeed, it can both exfiltrate arbitrary data, without you noticing, by flickering in the invisible heat region, AND also follow along with your movies, independently, Much in the same way it can blend a blue channel and a yellow channel into green ambient light.
It needs the media decoder, so that they can gain fine-grained access to the bulb's transmission state. It needs malware and local network access to create the implant and continuously relay data to steal.
The benefit here is that it might ba able to amplify reads at a distance, perhaps greater than wi-fi. The signal is degraded at 50 meters, but if one wished to transmit a very course signal at lower bandwidth, it need not be a high-detail image, such as lena.
It could be the heavily aliased bitmaps of your password, read from across the street from a hotel parking lot, where a hotel has installed these bulbs in every room.
It could also use a control signal sequence, to automate sniffed passwords. For example, have a passive video buffer watching a specific window, waiting for S-O-S, before it starts recording, then it captures 60 second interval, and ceases for a 5 second quiet period, to await the next S-O-S.
The data exfiltratiom part is after that, titled "Data exfiltration from personal devices", which yes, is a new means of transmitting data. Under the assumptions that there's no authentication to control the lights and that they have malware running on your computer already.
But my point is that the whole first section is absurd. Leaking what's on the TV via a light that shows the average color of what's on the TV? It's already on the TV. Stop looking at the light from the lightbulb and look at the TV. If you can't see the TV directly, look at the light from the TV, which is already the same color as what the lightbulb would tell you.
The music part doesn't seem any better. You know what's a good way to figure out what music someone's listening to? A microphone. Granted a light might be visible from farther away, but if someone is running party lights the music is probably not quiet.
Moreover, the adversary needs to plant malware that encodes private data from the target device and sends it to the smart light bulbs.
...if you can already install/run code of your choice, why not just send the data out over the network and into the Internet?
and System bus radio https://fulldecent.github.io/system-bus-radio/
If you've already exploited the target device, why not just send private data to the attacker's servers instead? This has to be one of the most convoluted attack vectors.
Cf. - https://blog.acolyer.org/2017/06/22/iot-goes-nuclear-creatin...
Please also read research work by Shyam Gollakota of University of Washington.
Seriously, I don't know...
None. It is a hardware problem.
Q: How many Northern Californian software engineers does it take to change a smart lightbulb?
A: Hella!
Q: How many Southern Californian software engineers does it take to change a smart lightbulb?
A: Totally!
https://escholarship.org/uc/item/6492j904
http://www.sonomastatestar.com/opinion/2014/11/4/hella-nor-c...
http://prizedwriting.ucdavis.edu/sites/prizedwriting.ucdavis...
