If you haven’t turned your house into a smart home, you’re really missing out. Just the sheer convenience that comes with Internet of Things (IoT) devices is worth the investment.
You’ll love being able to control everything from your lights to your thermostat to appliances with just the sound of your voice or the tap of an app. Don’t know where to begin? We can help. Check out our smart home starter kit. Tap or click here to find out what to do first.
There is one downside to using IoT devices, though. They are prime targets for hackers and your smart lightbulbs could be under attack right now.
Is your smart home safe?
A few years ago, security researchers discovered a vulnerability in certain smart lightbulbs that would allow hackers to infect them with malware. This could create a chain reaction and spread the infection to other smart devices in your home.
According to researchers at Check Point, that flaw was never fully patched and could now lead to major problems for those who have the smart lights in question.
They said hackers are able to bridge the gap between your physical IoT network and attack more appealing targets, like the computer network in your home, office or even throughout cities with smart technology.
You may also like: Update your phone now! Bug lets hackers take over
The researchers focused on Philips Hue smart bulbs to show how a hacker could exploit them and their control bridge to launch attacks on other targets. They were able to find vulnerabilities that let them sneak into networks using a remote exploit in the ZigBee low-power wireless protocol.
This protocol is used to control many IoT devices.
Check Point stated, “The researchers were able to take control of a Hue lightbulb on a target network and install malicious firmware on it. From that point, they used the lightbulb as a platform to take over the bulbs’ control bridge, and attacked the target network as follows:”
- The hacker controls the bulbs’ color or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘unreachable’ in the user’s control app, so they will try to ‘reset’ it.
- The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.
- The bridge discovers the compromised bulb, and the user adds it back onto their network.
- The hacker-controlled bulb with updated firmware then uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it. This data also enables the hacker to install malware on the bridge — which is in turn connected to the target business or home network.
- The malware connects back to the hacker and using a known exploit, they can infiltrate the target IP network from the bridge to spread ransomware or spyware. (CheckPoint)
How to protect your smart lights
Check Point told Philips about the discovery back in November and Philips has issued a patch to fix it. It’s critical that you make sure your smart lights are updated with the latest firmware. In fact, it’s a good idea to keep all of your devices updated.
The latest firmware update is number 1935144040. Make sure your Philips Hue Bridge is updated with that firmware version. Here’s how:
Open the Philips Hue app >> open Settings >> select Software update. That’s it, you should now be running the latest software.
Philips recommends enabling automatic updates for your Hue system to ensure you are always running the latest version. To do that, open the Philips Hue app >> open Settings >> select Software update >> enable Automatic Updates.
With any device, we strongly recommend running the latest software. Many updates come with patches that fix known flaws and will keep hackers from exploiting them.
Want to stay on top of all security breaches like this? Sign up for Kim’s Alert newsletter and we’ll keep you posted.