Security researchers at Check Point have published details of vulnerabilities they have found in Philips Hue smart bulbs that could be exploited by hackers to compromise networks remotely.
The researchers were able to hijack control the IoT bulbs and install malicious firmware on it. With that beachhead in place they were then able to launch attacks to compromise the bulbs’ control bridge and then use an inventive method to attack the network:
- The hacker controls the bulb’s color or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘Unreachable’ in the user’s control app, so they will try to ‘reset’ it.
- The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.
- The bridge discovers the compromised bulb, and the user adds it back onto their network.
The hacker-controlled bulb, containing the updated malicious firmware, uses a ZigBee protocol vulnerabiliy to cause a buffer overflow on the control bridge, and install malware onto the bridge as well.
As the bridge is connected to the targeted business or home network, the hacker is now able to infiltrate the network via the bridge, and achieve their goal – whether it be to install ransomware, spy, or steal information.
In short, the attack started at the bulb, travelled to the bridge, and ultimately ended up at the network.
A video made by the researchers demonstrates the attack in action.
The researchers informed the team Philip Hue team of the security vulnerabilities in November 2019, and patched firmware (version 1935144040) has since been made available.
Check Point’s research team, however, says it has delayed publishing full technical details of its discovery in order to allow more time for affected products to be updated.
Users are advised to ensure that their Hue System is fully updated by going to Settings -> Software Update -> Automatic Update in the Hue app.
Of course, it’s worth bearing in mind that the researchers only put the Philips Hue light bulbs under the microscope because they were market-leading IoT devices. There are, no doubt, countless other IoT devices which are likely to be just as vulnerable, if not more so, but simply haven’t yet had a spotlight shone on them.