With smart devices now firmly part of our daily lives, the risk of data breaches has skyrocketed. Hackers no longer try only to break into your computer; they find new avenues through smart devices. One such example was pointed out by researchers, who this time found vulnerabilities in Philips Hue smart light bulbs.
Check Point researchers revealed today a new high-severity vulnerability affecting Philips Hue smart light bulbs. This vulnerability, tracked as CVE-2020-6007, may give hackers the ability to access a targeted WiFi network from a distance of 100 meters.
The underlying vulnerability lies in the way Philips implemented the Zigbee communication protocol in its smart lamp. Zigbee is a widely used wireless technology, designed to allow any device to communicate with any other device on the network. The protocol has been integrated into tens of millions of devices worldwide, including Amazon Echo, Samsung SmartThings, Belkin WeMo and more.
The researchers did not disclose complete technical details of the vulnerability to give reasonable time to affected manufacturers to apply the fixes. However, they shared a video showing the attack.
As shown in the video, in the attack scenario the hackers use a known bug (detected in the past) to take control of the Hue lamp. This makes the device 'inaccessible' to the user's control application, forcing the user to delete the lamp and then try to reconnect to it.
The application on the mobile phone scans the area, checking for the existence of smart devices and thus discovers the hacker-controlled smart lamp with updated firmware. The user adds it back to his network.
The hackers then exploit the vulnerabilities in the Zigbee protocol to overload the cache of the connection that links the Hue lamp, the mobile phone and the network, allowing them to install malware on this interface. From there, the hackers can use the malware to infiltrate the network.
If you do not have the automatic firmware update feature enabled, we recommend that you install the update manually immediately, and at the same time change the settings so that future updates are installed automatically.