Zigbee vulnerability lets hackers use Philips Hue bulbs to hijack your network
6 February 2020 | 0
A team of researchers just revealed that it is possible for a rogue light bulb to hijack your Philips Hue bridge—and, in turn, your entire network—using a vulnerability in the Zigbee wireless protocol. The good news? Your bridge has probably already patched itself.
Check Point Research published its findings three months after alerting Signify-owned Philips Hue of the vulnerability. Signify confirmed the security hole and released a patch for the Hue Bridge in January. If your bridge is online and you have enabled automatic updates, the patch should already be installed.
Also, a Philips Hue rep told TechHive that Hue bulbs manufactured since 2018 are not vulnerable to the attack.
How to make sure your Hue bridge has been patched
- Open the Hue app, then tap Settings > Software update.
- Wait for the spinning wheel to finish doing its thing, then check the firmware number for your Hue Bridge. If your bridge is on firmware patch 1935144040 (which was released on 23 January), you are in the clear.
- If there is a pending update for the bridge, install it.n
More details on the vulnerability
According to Check Point, hackers can exploit the Zigbee vulnerability by taking control of an older Hue bulb and making it turn on and off or change colour, in hopes of tricking the owner into thinking something is amiss with the bulb.
If the user removes the bulb from the Hue app and re-pairs it to the bridge, the hackers can then use the compromised bulb to send a “heap-based buffer overload” to the bridge, essentially overwhelming it with data and paving the way for a malware attack on the user’s entire network, the Check Point report says.
Check Point notes that it focused its research on Philips Hue because it is the “market-leading” Zigbee smart-bulb manufacturer, leaving open the possibility that other Zigbee-based smart devices are open to the attack. A detailed report will not be published until “a later date” to “give users time to successfully patch their vulnerable devices,” Check Point said. Hopefully, we will hear soon from manufacturers of other Zigbee-enabled devices about how they have (or will) tackle the security hole.
Check Point’s findings come a few years after researchers used a drone to remotely inject a worm into a Zigbee bulb, which then allowed the worm to jump from bulb to bulb. Check Point said it used a “remaining vulnerability” from that earlier research to discover the latest exploit.
IDG News Service