Hacking Your Lights

Increasingly, we use RESTful Web services to interface with devices. With this, your IoT device runs a Web service, and we call it with an HTTPS POST request (sent to url), with various headers set (contained within headers):

r = requests.post(url, json.dumps(data), headers=headers)

Philips Hue lights use a bridge to configure the lights, via a wireless connection. The bridge itself connects to an Ethernet connection on the wireless router. A user is added to /api/username, where username is the name of the user. If we try an invalid name:

import json
import requests
import time
ip="http://192.168.0.11"
headers ={'Content-type':'application/json','Accept':'text/plain'}
url = ip+'/api/fred'
data ={'devicetype':'test user','username':'newdeveloper'}
# Query the bridge with a username it does not recognise
r = requests.get(url)
print(r.text)

This will return:

[{"error":{"type":1,"address":"/","description":"unauthorized user"}}]

Now we can register the user with:

import json
import requests
import time
ip="http://192.168.0.11"
headers ={'Content-type':'application/json','Accept':'text/plain'}
# Setup new user
r = requests.get(url)
print(r.text)
url = ip+"/api"
r=…
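
As an added example (not code from the original article): a defender-side check that reads request records for the bridge and flags any client that receives the "unauthorized user" error (type 1) shown above for several different /api/<username> paths. The record layout, the sample records and the threshold of three are assumptions made for the illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not captured traffic): source address, method,
# request path, and the body the bridge returned.
UNAUTH = '[{"error":{"type":1,"address":"/","description":"unauthorized user"}}]'
SAMPLE = [
    ("192.168.0.23", "GET", "/api/fred", UNAUTH),
    ("192.168.0.23", "GET", "/api/admin", UNAUTH),
    ("192.168.0.23", "GET", "/api/newdeveloper", UNAUTH),
    ("192.168.0.40", "GET", "/api/fred", UNAUTH),
    ("192.168.0.40", "GET", "/api/fred", UNAUTH),
    ("192.168.0.23", "POST", "/api", "not json"),  # malformed body, ignored
]

def is_unauthorized(body):
    """True if the bridge reply is a list containing an error entry of type 1."""
    try:
        reply = json.loads(body)
    except ValueError:
        return False
    if not isinstance(reply, list):
        return False
    return any(isinstance(e, dict) and isinstance(e.get("error"), dict)
               and e["error"].get("type") == 1 for e in reply)

def username_from_path(path):
    """Return <username> from /api/<username>[/...], or None for /api itself."""
    parts = [p for p in urlsplit(path).path.split("/") if p]
    return parts[1] if len(parts) >= 2 and parts[0] == "api" else None

def probing_sources(records, threshold=3):
    """Map source -> sorted rejected usernames, for sources at or over threshold."""
    rejected = defaultdict(set)
    for src, _method, path, body in records:
        user = username_from_path(path)
        if user and is_unauthorized(body):
            rejected[src].add(user)  # a set, so repeated retries count once
    return {s: sorted(u) for s, u in rejected.items() if len(u) >= threshold}

if __name__ == "__main__":
    print(probing_sources(SAMPLE))
```

A client that retries one stale username, like 192.168.0.40 in the sample, stays below the threshold because only distinct usernames are counted.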

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.