A new report this week revealed that your cool smart light bulbs from Philips are potentially vulnerable to hackers in fact, your whole Wi-Fi network could be compromised. So take our word for it: update now.
This news comes from cybersecurity research firm Checkpoint, which published a blog post exposing the flaw. When this was originally pointed out several years ago, companies found a way to stop what was at the time a bulb-hopping attack. Checkpoint says that, while this fix was deployed at the time, the basic vulnerability in the Hue bulb is still there, and can still be used for mischief.
[Read: Youre going to want this latest version of Firefox, trust us]
To make this work, a hacker would have to take control of one bulb, then fiddle with its color and brightness enough to make the owner think something was wrong with it. The owner would have to delete, then rediscover the infected bulb on their app, at which point it would flood the control bridge with malware via a vulnerability in the devices Zigbee protocol. From there, the hacker can infiltrate the home network to which the bridge is attached.
Heres how it looks in action:
Its kind of an esoteric attack, and relies on the victim attempting to reconnect the malfunctioning bulb to the app. But it can work, and thats a problem. And since Zigbee is used by multiple smart home brands its website lists such brands as Amazon Echo, Samsungs SmartThings, and IKEAs smart lighting devices. But at least we know Philips has tried to fix the problem.
Double-check to make sure your Philips Hue Hub is updated to firmware version 1935144040. This is the patched version Philips released last month, and you can find out whether you have it by checking the software update part of the Hue apps settings menu. Hopefully most of you Philips owners (and anyone else with a Zigbee-based device) get your updates automatically, and youll already have it by now.
And if one of your Hue bulbs starts malfunctioning, flickering, etc I dont know, maybe throw it out a window, just to be safe?
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulbon Checkpoint