See the light: Philips Hue smart bulbs can be hacked and used to install malware

We’ve all heard the horror stories of hackers remotely steering smart cars off the road, but even the smallest of smart devices can lead to big problems if they’re not monitored carefully.

This was on full display when a flaw was discovered that exposed the home networks of people using the very popular Philips Hue smart bulbs. Researchers from cyber security firm Check Point revealed how a bug enabled them to infiltrate the bulbs with a drone that hovers outside a building. They were able to gain access to the bulbs as well as the control bridge that leads to the users’ network, which means it is possible to compromise a person’s home network or even that of a business or smart city using the bulbs.

To infiltrate the users’ network, the researchers exploited a previously discovered bug that Philips hadn’t fixed that allowed them to control aspects of the bulb like brightness and color. After lowering and raising the brightness or changing the color to trick the user into believing the bulb had a glitch, the user would then reset the product by deleting it from their app and then attempting to rediscover it. However, once they rediscovered the compromised bulb, it was able to offload malware onto the control bridge. The users’ home network is linked to this central hub, which means the malware or spyware could infect the entire network.

Check Point Research Head of Cyber Research Yaniv Balmas said: “Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as light bulbs can be exploited by hackers and used to take over networks or plant malware.”

Keep reading

Author: HP McLovincraft

Seeker of rabbit holes. Pessimist. Libertine. Contrarian. Your huckleberry. Possibly true tales of sanity-blasting horror also known as abject reality. Prepare yourself. Veteran of a thousand psychic wars. I have seen the fnords. Deplatformed on Tumblr and Twitter.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s