We’ve all heard the horror stories of hackers remotely steering smart cars off the road, but even the smallest of smart devices can lead to big problems if they’re not monitored carefully.
This was on full display when a flaw was discovered that exposed the home networks of people using the very popular Philips Hue smart bulbs. Researchers from cyber security firm Check Point revealed how a bug enabled them to infiltrate the bulbs with a drone that hovers outside a building. They were able to gain access to the bulbs as well as the control bridge that leads to the users’ network, which means it is possible to compromise a person’s home network or even that of a business or smart city using the bulbs.
To infiltrate the users’ network, the researchers exploited a previously discovered bug that Philips hadn’t fixed that allowed them to control aspects of the bulb like brightness and color. After lowering and raising the brightness or changing the color to trick the user into believing the bulb had a glitch, the user would then reset the product by deleting it from their app and then attempting to rediscover it. However, once they rediscovered the compromised bulb, it was able to offload malware onto the control bridge. The users’ home network is linked to this central hub, which means the malware or spyware could infect the entire network.
Check Point Research Head of Cyber Research Yaniv Balmas said: “Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as light bulbs can be exploited by hackers and used to take over networks or plant malware.”