Technology
Hackers can hijack Philips Hue smart bulbs to take over your home
We’ve all seen this movie: The lights inexplicably start to flicker and a naive homeowner writes it off as just a glitch. But no! There’s something… in … the house.
In the smart home age, that horror scenario could actually come to life — except the intruders aren’t angry spirits, they’re hackers.
A new report from Check Point Research, a cyber threat intelligence outfit, shows how a vulnerability in a Philips Hue smart lightbulb could allow attackers to gain control over the home or business network of which the bulb is a part.
Philips Hue and other smart lightbulbs allow users to control the lighting with an app or smart assistant. They’re convenient and fun (they change colors!), but apparently making innocuous appliances in your home “smart” is not without its downsides.
The assault scenario is truly spooky. Check Point researchers used a previously discovered vulnerability in the smart bulb to hijack it. They then control the bulb’s functioning, causing it to become unresponsive or even — gasp — flicker.
Since the bulbs no longer respond to their owner’s control, this prompts the user to reset the bulb in the app that controls it. Doing that allows the hackers to spread their malware to the smart home hub between the bulb and the home network (on a popular wireless protocol called ZigBee), which allows it to gain access to the rest of the connected devices on the network. Home: invaded.
Here’s a video of how it all goes down.
Check Point Research made the company that owns Philips Hue bulbs, Signify, aware of the threat in November 2019. Bulb owners should have received an automatic update, but can now also manually update their firmware to prevent against this sort of attack.
This scenario only demonstrated the vulnerability of these specific smart bulbs, but Check Point told Mashable that it could shine a light on possible threats from other smart home products.
“The fact that IoT products are connected to a central network means they can serve as a new ‘attack vector’ and are a means to get right inside the central network and inject it with malicious files,” a Check Point Research representative said. “We showed an example of how this works, but the danger is potentially much larger.”
Almost makes you wish your home was dumb again…
-
Entertainment6 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment6 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment5 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment4 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment4 days ago
Mars is littered with junk. Historians want to save it.
-
Entertainment5 days ago
CES 2025 preview: What to expect
-
Entertainment3 days ago
Should you buy the 2024 Kindle Paperwhite Signature Edition?
-
Entertainment2 days ago
2024: A year of digital organizing from Palestine to X