Those of you who own a Hue smart bulb from the company Philips let them read this article to protect themselves from the possibility of falling victim to hackers.
With smart devices well into our daily lives, the risks of data breach have skyrocketed. Hackers are no longer trying to break into your computer but are finding new ways through smart devices. One such example was pointed out by researchers who this time found vulnerabilities in Philips Hue Smart Light Bulbs.
Her researchers Check Point revealed today a new, high-vulnerability that affects Philips Hue Smart Light bulbs. This vulnerability, codenamed CVE-2020-6007, could allow hackers to access a targeted WiFi network from a distance of 100 meters.
The underlying vulnerability lies in the way Philips applied the Zigbee communication protocol to its smart light bulb. ZigBee is a widely used wireless technology, designed to allow any device to communicate with any other device on the network. The protocol has been integrated into tens of millions of devices worldwide, including Amazon Echo, Samsung SmartThings, Belkin Emo and more.
The researchers did not disclose the full technical details of the vulnerability in order to give reasonable time to the affected manufacturers to apply the fixes. However, they shared a video showing the attack.
As seen in the video, in the attack scenario the hackers use a known bug (which has been detected in the past) to take control of the Hue lamp. This makes the device 'unreachable' to the users control application, forcing them to delete the lamp and then try to connect to it again.
The app on the mobile phone scans the area for smart devices and thus discovers the one controlled by the hacker smart bulb with updated firmware. The user adds her back to their network.
Hackers then exploit vulnerabilities in the ZigBee protocol to overload the Hue bulb connection's cache – mobile phone – network, allowing them to install malware on that interface. From there, hackers can use the malware to infiltrate the network.
Check Point reported these vulnerabilities to Philips and Signify, owner of the Philips Hue brand, in November 2019, which just last month released an updated, patched firmware for the device.
If you don't have the feature enabled automaticWhen downloading a firmware update, we recommend that you immediately install it manually, and at the same time change the settings so that future updates are updated.