A team of researchers from software company Check Point has released a report that highlights a potential security flaw in the Philips Hue smart bulbs.
The report, released last week, shows how a team of researchers working with the help of the Check Point Institute for Information Security (CPIIS) at Tel Aviv University were able to hack into an internet of things (IoT) network by targeting vulnerabilities in the ZigBee low-power wireless protocol that is used to control the smart bulb.
The attack starts with the hacker taking control of the Philips Hue bulb and installing some malicious firmware, allowing them to control the brightness and color of the bulb from afar.
This tricks the user into thinking their smart bulb has a glitch, as it also shows up as ‘Unreachable’ in their control app, prompting them to reset it by deleting it and then re-installing it. Once the bulb containing the malicious firmware is re-installed, the hacker is able to access the ZigBee network and attack it with ransomware or spyware.
This latest report further reinforces concerns over the vulnerability of devices on IoT networks, especially considering how rapidly the sector is growing.
At the 2017 IEEE Symposium on Security and Privacy, another team of academic researchers published their own report showing how their ability to take over and control smart bulbs could lead to a chain reaction allowing them to take over — in theory — a vast number of IoT connected devices spread across an entire city.
Check Point reported the security flaw to Philips and parent company Signify, and a firmware patch was released shortly thereafter to fix the vulnerability.