White Hats Shine a Light on Philips Hue Hack

Written by

Security researchers have discovered a new exploit which could allow hackers to compromise home and corporate IT networks via smart light bulbs.

The CVE-2020-6007 flaw exists in the Zigbee wireless protocol used to communicate with IoT devices. Check Point white hats found a way to exploit the bug in popular Philips Hue smart bulbs to take control of the bulbs’ control bridge and then attack the network.

However, to achieve the above, a hacker would first need to implant malicious firmware on the bulb itself. By doing so, they can tamper with the settings remotely to trick the user into thinking there is a fault.

As the bulb appears “unreachable” in the user’s control app, they will try to reset it, by deleting it from the app and then instructing the control bridge to re-discover it.

Once the user has added the compromised bulb back onto the network, it can use the Zigbee vulnerability to trigger a heap-based buffer overflow on the control bridge by inundating it with data.

“This data also enables the hacker to install malware on the bridge – which is in turn connected to the target business or home network,” Check Point explained. “The malware connects back to the hacker and using a known exploit (such as EternalBlue), they can infiltrate the target IP network from the bridge to spread ransomware or spyware.”

Check Point disclosed the research to Philips and Hue brand owner Signify in November 2019 and waited until now to publish so the manufacturer had time to release a firmware update, which it has.

However, as the main problem lies with the Zigbee protocol itself, there could be a range of other IoT devices vulnerable to exploitation in a similar way.

This isn’t the first time critical flaws have been found in the popular low-power comms protocol. Back in 2015, Black Hat researchers outlined a range of threats to the smart home through its unsecure use of encryption keys.

What’s hot on Infosecurity Magazine?