See the light: Philips Hue smart bulbs can be hacked and used to install malware
06/21/2021 // Cassie B. // Views

We’ve all heard the horror stories of hackers remotely steering smart cars off the road, but even the smallest of smart devices can lead to big problems if they’re not monitored carefully.

This was on full display when a flaw was discovered that exposed the home networks of people using the very popular Philips Hue smart bulbs. Researchers from cyber security firm Check Point revealed how a bug enabled them to infiltrate the bulbs with a drone that hovers outside a building. They were able to gain access to the bulbs as well as the control bridge that leads to the users’ network, which means it is possible to compromise a person's home network or even that of a business or smart city using the bulbs.

To infiltrate the users’ network, the researchers exploited a previously discovered bug that Philips hadn’t fixed that allowed them to control aspects of the bulb like brightness and color. After lowering and raising the brightness or changing the color to trick the user into believing the bulb had a glitch, the user would then reset the product by deleting it from their app and then attempting to rediscover it. However, once they rediscovered the compromised bulb, it was able to offload malware onto the control bridge. The users’ home network is linked to this central hub, which means the malware or spyware could infect the entire network.

Check Point Research Head of Cyber Research Yaniv Balmas said: "Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as light bulbs can be exploited by hackers and used to take over networks or plant malware.”


Users need to be aware of vulnerabilities

Although this vulnerability has now been fixed, it serves a powerful reminder of how cautious we all need to be when it comes to the devices we allow to access our home networks. For example, the vulnerability behind the Philips Hue bulbs and hubs is in the Zigbee communications protocol that is used by many other smart home brands, including Honeywell thermostats, Belkin’s WeMo, Amazon Ring, Ikea Tradfri, Comcast’s Xfinity Home alarm system and Samsung SmartThings.

Recently, researchers from the cybersecurity firm Forescout Technologies released a report outlining how they identified vulnerabilities in the software used by millions of connected devices that could be exploited by hackers to disrupt home and business computer networks. In response, the U.S. Cybersecurity and Infrastructure Security Agency flagged the issue in an advisory.

The devices affected came from around 150 manufacturers and covered everything from smart thermometers and plugs to printers and industrial control systems. Most, however, were consumer devices that had remote-controlled cameras and temperature sensors.

In 2019, the personal information of thousands of users of the popular doorbell camera Ring was compromised, exposing login names, passwords and the names of cameras such as “front door” or “bedroom,” potentially allowing hackers to see inside people’s homes; there have also been incidents of hackers taking over cameras to communicate with and frighten children.

In many cases, poor programming by developers is behind the issue. Experts say that in the worst cases, we could see attacks on the control systems driving critical services like power and water. Any device that is connected to the internet is vulnerable, and although some might be willing to take certain risks in exchange for the convenience of having a cell phone, is being able to see inside your fridge while you’re away from home or having your lights turn on before you walk in the door really worth exposing your family and network to hackers?

Sources for this article include:

Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Embed article link:
Reprinting this article:
Non-commercial use is permitted with credit to (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.