Learning from Authoritative Security Experiment Results

The 2013 LASER Workshop

The Security and Privacy of Home Automation Systems

Temitope Oluwafemi, University of Washington
Tadayoshi Kohno, University of Washington
Sidhant Gupta, University of Washington
Shwetak Patel, University of Washington

Background. With a projected rise in the procurement of home automation systems, we experimentally investigate security risks homeowners are exposed to by non-networked compact fluorescent lamps controlled by compromised Internet enabled home automation systems.

Aim. This work investigates the feasibility of causing physical harm – through the explosion of CFLs or the inducing of seizures by high frequency fluctuations - to home occupants through an exploited home automation system.

Method. Three distinct electrical signals were applied to two different brands of CFLs connected to Z-Wave enabled light dimmers until they popped or gave way.

Results. Three of ten CFLs on which we conducted our experiments popped, although not to the degree of explosions we expected. The seven remaining CFLs gave way with varying times to failure indicating process and design variations.

Conclusions. The results are both positive and negative. They are positive because it means it will be hard for an attacker to use the described methods to harm homeowners. On the other hand, the results are negative because it is apparently possible for an attacker to remotely compromise a non-networked light bulb.

Get the Full Paper.


The 2013 LASER proceedings are published by USENIX, which provides free, perpetual online access to technical papers. USENIX has been committed to the "Open Access to Research" movement since 2008.

Further Information

If you have questions or comments about LASER, or if you would like additional information about the workshop, contact us at: info@laser-workshop.org.

Join the LASER mailing list to stay informed of LASER news.