The vulnerabilities found on Philips Hue devices allow anyone with enough information, control the, turning it on or off, but it lets you access any other phone connected to the same network, and all that it entails.
Today's risk is still present, as Philips has not introduced any part that solves this vulnerability but at least prevents access to the bridge used by Hue's products for some of his friends cannot access the home device, which includes any PC connected to the same network.
This is at stake Zigbee communication protocol found, which is used by Philips Hue bulbs, so it's also available on all home automation products that use this communication protocol, such as Amazon Echo Plus, Samsung SmartThings, Belkin, Yale smart Locks, Honewell thermostats, Ikea Tadfri, Samsung Comcast Xfinity Box, Bosh Security Systems …
Look for Point security researchers, who found the way measure the attack from a flashing light to find the entire networkThey explain how it works:
- The attacker uses real risk to control a single bulb.
- The user sees a random operation and cannot handle the operation of the bulb and cannot handle the lamp, the user resets the bulb and adds it back to the system.
- At that time, the bulb malt has access to the Hue bridge and spreads to all devices and computers connected to the same network.
Once you find any home computer, the attacker can install the keyboard recording programs (and access our passwords) as well. install ransomware to encrypt our equipment and request recovery so you can access again.