Replicating a smart lighting worm on low budget hardware

Supervisor(s)Alexander Schlögl, MSc


The original paper by Ronen et al. showcases that the permissive connection behavior of ZigBee LightLink (ZLL) is detrimental to security in an IoT setting. They exploited this behavior to build a self-spreading worm that’s transferred between Philips Hue smart lightbulbs.

In this thesis, your goal is finding out whether a similar attack is possible on cheaper Ikea smart lights, which also use ZLL as a protocol stack. Important steps in this thesis are:

  • disseminating the update process of Ikea smart bulbs
  • finding the used signature/encrypting algorithm used to deploy updates
  • extracting the corresponding key(s) using a side channel attack
  • investigating whether the original author’s method of dissociating bulbs from their current gateway is applicable to the new bulbs


Knowledge of side channel attacks, experience with oscilloscopes helpful


  • Ronen, E., Shamir, A., Weingarten, A.-O., and O’Flynn, C. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. In IEEE Symposium on Security and Privacy (S&P). IEEE, 2017, pp. 195–212.