The Philips Hue vulnerability allows an attacker to control the lights, turning them on or off at will and changing their color and brightness. The attack can be carried out using a computer with a radio transmitter.
Although the risk is obvious, the company immediately closed the hole, which prevents the attacker from hacking the Hue Bridge, the separate lighting control center, and from there controlling the entire network, including the PCs connected to it.
A problem that affects many manufacturers
The danger lies in Zigbee, a communication protocol used by Philips to control different objects. It is important to know that Zigbee is also an optional protocol for Amazon Echo Plus, Samsung SmartThings, Belkin WeMo, Hive Active Heating, Yale Locks, Honeywell thermostats, Bosch Security Systems, Ikea Tradfri, Samsung Comcast Xfinity Box and more.
Check Point researchers have found a way to carry the light bulb attack over to the rest of the network. It works as follows:
- The attacker uses the original vulnerability to take control of the lamp.
- The user notices the abnormal behavior and cannot control the bulb in question.
- The most obvious solution is to remove the lamp and set it up again.
- When the lamp is reinstalled, the malware gains access to the Hue Bridge.
- From there it can spread to other network-connected devices and cause significant damage.
Check Point reported its findings to Signify, the owner of Philips Hue, and a security update already exists.
All Philips Hue users are advised to update their devices with the Hue app.
Keep in mind that the original vulnerability, which allows an attacker to control individual lights, cannot be fixed, because doing so would require changes to the hardware of the bulbs. The security update does, however, ensure that the attack cannot reach other devices on the network.
Below we can see a video showing the attack.