Hacker Turns Smart Bulb into Library of Banned Books

A security researcher known as 'cyberpunk' has developed an open-source project that transforms a smart bulb with an ESP32 chip into a 'digital library of banned books'. The device generates an open Wi-Fi hotspot that, when connected, displays a web interface with a collection of censored texts. The code and instructions are available on GitHub, allowing anyone to replicate the setup. This project, reported by Tom's Hardware, adds a new dimension to IoT devices by turning them into tools of digital dissent.

What happened?

The researcher, whose alias is 'cyberpunk', has created a cyberpunk digital 'dead drop': a smart bulb that functions as a portable web server. When the bulb is turned on, it emits an open Wi-Fi network with a captive portal that hosts a selection of banned books. The project is fully open source and uses the ESP32 microcontroller, a low-cost chip (around $2-5) widely used in IoT devices. According to the documentation, the setup requires only a compatible bulb, a USB cable, and a computer to flash the firmware. The code is hosted on GitHub, where steps to adapt any ESP32 bulb, such as those from Sonoff or similar brands, are detailed. This approach recalls physical 'dead drops' (USB drives embedded in walls) but with the advantage of being wireless and ephemeral.

Why is it important?

This project illustrates the convergence between digital activism and the repurposing of everyday hardware. By using a smart bulb, a common and seemingly innocuous object, the researcher demonstrates how consumer technology can be subverted for dissent. Furthermore, it highlights the fragility of censorship in the digital age: any connected device can become a vector for uncontrolled information. From a technical perspective, the ESP32 is a low-cost, widely available microcontroller, democratizing access to such projects. The initiative also underscores the potential of ephemeral Wi-Fi networks for distributing information in restrictive environments. Historically, similar projects like 'LibraryBox' or 'PirateBox' have used portable routers to share files, but this is the first time it has been integrated into a light bulb, an object that goes unnoticed. The impact on digital activism is significant: it allows dissidents in countries with severe censorship (such as China, Iran, or Belarus) to distribute information without leaving a physical trace. Additionally, the project underscores the duality of technology: the same chip that enables home automation can be used to circumvent government controls.

What consequences will it have?

In the short term, this project is likely to inspire other hackers and activists to create similar digital 'dead drops' in everyday objects. Authorities may attempt to block such initiatives, but the decentralized and ephemeral nature of Wi-Fi networks makes them difficult to control. However, the legality of hosting 'banned books' varies by country; in nations with censorship laws, creators could face charges for distributing illegal material. In the cybersecurity realm, this case underscores the need to consider security risks in IoT devices. Although the project is benign, it demonstrates how an attacker could use a smart bulb to set up a malicious hotspot, for example, for phishing or malware distribution. Companies like IKEA (which uses ESP32 chips in its TRÅDFRI bulbs) or smart home manufacturers should assess whether their devices allow unauthorized modifications. Additionally, the project could accelerate the adoption of security measures such as secure boot or firmware verification in IoT. In the market, demand for ESP32 bulbs from hobbyists is expected to increase, while manufacturers may tighten firmware locking to prevent unintended uses.

What should readers know?

• The project is purely educational and activist: it does not involve attacks or critical vulnerabilities.
• The ESP32 is a very common chip in smart bulbs and other IoT devices; its flexibility allows for such modifications. According to market data, over 100 million devices with ESP32 have been sold.
• The legality of hosting 'banned books' varies by country; users should be aware of local laws. For example, in China, distributing certain texts may violate the Cybersecurity Law.
• This type of project reinforces the importance of freedom of information and privacy in the digital age. Compared to previous initiatives like 'The Internet in a Suitcase' by The Guardian Project, this approach is more accessible and discreet.
• From a technical standpoint, the ESP32 has enough memory (4 MB flash) to host hundreds of books in text format, and its power consumption is minimal, allowing it to run on batteries or USB.

“Technology is neutral, but its use can be a tool for liberation or control. This project is an example of how creativity can bypass censorship.”