The UK’s leading ethical hacker has warned that the lighting industry needs to ‘wake up’ when it comes to Internet of Things (IoT) security, or risk the technology being turned into a Trojan Horse for hackers.

‘Lighting venders need to wake up and realise that what they are doing could be very insecure,’ Ken Munro, the UK’s leading ethical hacker told Lux in an interview that you can view below.

IoT is viewed by many as being the lighting industry’s savior as revenues from luminaires start to decline. However, as companies rush to get IoT products to market, Munro fears that cyber security is being rushed for the sake of making a quick buck.

‘We’re opening Pandora’s Box, we are starting to see huge amounts of IoT devices being developed that are vulnerable and I don’t think it will be too long before we see another big story about IoT devices being hacked. We are turning the internet against us,’ Munro continued.

In October last year hackers hijacked thousands of IoT devices, including smart lights, in a denial of service attack that crashed some of the world’s biggest websites including Spotify, PayPal and Twitter. This was just one of a number of high profile hacks that was seen in 2016.

The security expert advised that lighting manufactures should ensure that the mobile application that controls an IoT lighting product is written securely.

‘Don’t forget that when you are making an IoT product, you are selling it to consumers and to hackers. A hacker will take apart your device, look at your chip set and try to extract the firmware, which is the software that runs on the chips. If that is not written securely the product can be easily hijacked,’ Munro told Lux.

IoT is expected to grow significantly over the next decade. A survey carried out by Accenture, the global professional services firm, found that thirteen percent of consumers currently own an IoT device, by 2019, this expected to rise to 70 percent.

Watch Lux’s full interview with Ken Munro below:

It is no secret, as revenues from LEDs fade, that the lighting industry is placing a big pile of gambling chips on the success of the Internet of Things, but the hack marks the second major security breach in as many months, suggesting IoT is not yet ready for the big leagues.

A handful of the world’s top websites were targeted during the attack, including The New York Times, CNN and Amazon, making this the most high profile attack to date and one aimed at disrupting the very fabric of the internet in the United States.

The attack was carried by hijacking thousands of IoT devices, which had previously been infected with malicious code allowing attackers to take control of them. The attackers were then able to perform a denial of service (DDoS) by getting the enslaved devices to flood the chosen websites with messages, causing them to crash.

While a claim of responsibility is yet to be made for the attacks, it has been claimed on Twitter that WikiLeaks were responsible.

A tweet issued by WikiLeaks after the DDoS attack on some of the world’s leading websites.

Earlier in the month American internet provider OVH was targeted in an attack that involved the manipulation of 150,000 IoT devices.

‘Companies are simply not doing enough to improve IoT security and there is a lack of awareness and a certain laziness in their attitude towards the issue,’ Ken Munro of ethical hacking firm Penetration testing and security services, which identifies weaknesses in internet security, told Lux.

The IoT powered onslaughts are worsening because of the release of the Mirai botnet source code into the public domain. The code contains the necessary information needed to hack into IoT devices and ultilise them for use in DDoS attacks.

Security experts are worried that IoT devices are being built upon outdated operating systems using code that has not been properly tested for security loopholes, which hackers will exploit. The devices are then being rushed to market.

Munro believes that IoT manufacturers need to act now to prevent much more serious security breeches in the future.

‘Governments are becoming more and more concerned about the security risks that IoT poses, and the UK, US and EU governments are even considering legislation to compel firms to act,’ Munroe concluded.

The US Congress, for example, is currently mulling installing some kind of consumer protection into law to protect IoT consumer’s privacy, although talks are still at a very early stage, calls to act though are likely to speed up after this latest attack.

EU pledges millions to tackle IoT security threat. PLUS: Reykjavik turns off street lights for better aurora view. AND: US speedway becomes first to go all LED. Lux Today October 18 2016