Technology
Hackers can hijack Philips Hue smart bulbs to take over your home
We’ve all seen this movie: The lights inexplicably start to flicker and a naive homeowner writes it off as just a glitch. But no! There’s something… in … the house.
In the smart home age, that horror scenario could actually come to life — except the intruders aren’t angry spirits, they’re hackers.
A new report from Check Point Research, a cyber threat intelligence outfit, shows how a vulnerability in a Philips Hue smart lightbulb could allow attackers to gain control over the home or business network of which the bulb is a part.
Philips Hue and other smart lightbulbs allow users to control the lighting with an app or smart assistant. They’re convenient and fun (they change colors!), but apparently making innocuous appliances in your home “smart” is not without its downsides.
The assault scenario is truly spooky. Check Point researchers used a previously discovered vulnerability in the smart bulb to hijack it. They then control the bulb’s functioning, causing it to become unresponsive or even — gasp — flicker.
Since the bulbs no longer respond to their owner’s control, this prompts the user to reset the bulb in the app that controls it. Doing that allows the hackers to spread their malware to the smart home hub between the bulb and the home network (on a popular wireless protocol called ZigBee), which allows it to gain access to the rest of the connected devices on the network. Home: invaded.
Here’s a video of how it all goes down.
Check Point Research made the company that owns Philips Hue bulbs, Signify, aware of the threat in November 2019. Bulb owners should have received an automatic update, but can now also manually update their firmware to prevent against this sort of attack.
This scenario only demonstrated the vulnerability of these specific smart bulbs, but Check Point told Mashable that it could shine a light on possible threats from other smart home products.
“The fact that IoT products are connected to a central network means they can serve as a new ‘attack vector’ and are a means to get right inside the central network and inject it with malicious files,” a Check Point Research representative said. “We showed an example of how this works, but the danger is potentially much larger.”
Almost makes you wish your home was dumb again…
-
Entertainment6 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment4 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment3 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know
-
Entertainment2 days ago
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
-
Entertainment2 days ago
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more