You could be in danger without knowing it. A major security flaw has recently been discovered in the protocol used by the well-known Philips HUE bulbs that would allow them to be hacked, so that an attacker could even spy on you.
In other words, cybercriminals could have taken advantage of this vulnerability in the communication protocol of these smart bulbs to access the victim's computer. And we say "could" because, fortunately, this bug already has a fix.
This is not an easily exploitable security flaw, because the attacker needed to know certain data before he could hack the bulbs to spy on you. Even so, the security hole is serious enough that action has been taken on the matter.
Light bulb control and malware installation
Check Point has published a detailed procedure describing how attackers could take control of the bulb and later install malware on it, even getting the owner of the device to help them achieve their goal.
It begins with the attacker, once in control of the bulb, drawing the user's attention by making its brightness increase and decrease, so that the owner believes the Philips HUE bulb is experiencing a technical problem.
In the application used to control the bulb, it appears as not working, and the only way to make it work again is to reset it. The user does so, removing the bulb from the app and re-synchronizing it through the bridge.
From that moment, the cybercriminal begins to send a multitude of simultaneous requests in order to disconnect the bulb from the network, while injecting malware by exploiting the Zigbee protocol vulnerability.
From there, the malware can infiltrate the home network, spread viruses and even spy on users. In other words, what actually gets installed is an infected bulb, which gives the attacker access to the network to do whatever he wants.
All this is done without arousing suspicion. Fortunately, the investigation and its results were reported to Signify, owner of the Philips HUE light bulb brand, which confirmed the presence of the security flaw and released firmware to correct it.
What should you do if you have a Philips HUE bulb right now? Open the application and check for updates. If one is available, install it as soon as possible to fix this security problem.