As 2016 comes to a close, I’m still running across security people who wonder why we need network-connected lightbulbs, possibly due to Shamir’s recent paper on lightbulb worm attacks.
In fact, the lightbulb is one of the most compelling examples of the usefulness of adding network connectivity to ordinary objects, aka “the Internet of Things.”
The key observation is that a networked lightbulb eliminates a lot of expensive wiring. The bulb itself of course requires wiring for power, whether or not it is networked. However, lightbulbs also need wiring for control, that is, you need at least an on/off switch. The wiring for the bulb and the switch have to be physically connected, which is expensive; and complex controls such as dimmers, or multiple switches, require even more expensive wiring and hardware.
If you want to add or move a wired switch for an existing bulb, you are probably going to hire an electrician to drill holes in your wall and fish cables, and you will need a building permit and inspection. This is likely to cost hundreds of dollars.
A networked lightbulb can eliminate all of the switch wiring, and potentially even the switch, since you can control the light from your phone. If you do want a switch, you can buy a battery-powered switch or 5 and stick them to the wall yourself; you don’t need an electrician or building permit.
Modern bulbs also require complex controls. For example, many offer control over color temperature in addition to brightness; a wired control for this functionality is much more complex than a dimmer and hence much more expensive.
Networked bulbs are also easily extended for future functionality. For example, you should be able to control them by timers, or trigger them by alarms (e.g., turn on the lights if there is a fire). When combined with networked sensors they can turn off when people leave the room.
Finally, as lightbulbs become more complex, they will need software updates, which essentially require a network.
This is a pretty compelling case for networked lightbulbs, if you ask me. Of course, it also brings up many security concerns. My advice to security professionals: deal with it, it’s your job, and this is an ideal test case.