Technology
Hackers can hijack Philips Hue smart bulbs to take over your home
We’ve all seen this movie: The lights inexplicably start to flicker and a naive homeowner writes it off as just a glitch. But no! There’s something… in … the house.
In the smart home age, that horror scenario could actually come to life — except the intruders aren’t angry spirits, they’re hackers.
A new report from Check Point Research, a cyber threat intelligence outfit, shows how a vulnerability in a Philips Hue smart lightbulb could allow attackers to gain control over the home or business network of which the bulb is a part.
Philips Hue and other smart lightbulbs allow users to control the lighting with an app or smart assistant. They’re convenient and fun (they change colors!), but apparently making innocuous appliances in your home “smart” is not without its downsides.
The assault scenario is truly spooky. Check Point researchers used a previously discovered vulnerability in the smart bulb to hijack it. They then control the bulb’s functioning, causing it to become unresponsive or even — gasp — flicker.
Since the bulbs no longer respond to their owner’s control, this prompts the user to reset the bulb in the app that controls it. Doing that allows the hackers to spread their malware to the smart home hub between the bulb and the home network (on a popular wireless protocol called ZigBee), which allows it to gain access to the rest of the connected devices on the network. Home: invaded.
Here’s a video of how it all goes down.
Check Point Research made the company that owns Philips Hue bulbs, Signify, aware of the threat in November 2019. Bulb owners should have received an automatic update, but can now also manually update their firmware to prevent against this sort of attack.
This scenario only demonstrated the vulnerability of these specific smart bulbs, but Check Point told Mashable that it could shine a light on possible threats from other smart home products.
“The fact that IoT products are connected to a central network means they can serve as a new ‘attack vector’ and are a means to get right inside the central network and inject it with malicious files,” a Check Point Research representative said. “We showed an example of how this works, but the danger is potentially much larger.”
Almost makes you wish your home was dumb again…
Apple Watch Series 9 vs. SE: A smartwatch skeptic tested both for 13 days
Google dubs Epic’s demands from its antitrust win ‘unnecessary’ and ‘far beyond the scope’ of the verdict
Apple: pay attention to emerging markets, not falling China sales
Greatest Star Wars Day deals and new releases 2024: Shop May the 4th sales
Danti’s natural language search engine for Earth data soars with $5M in new funding
5 essential gadgets for turning your home into a self-care sanctuary
Haun Ventures is riding the bitcoin high
Hands-on with the Claude AI app: It’s pleasant to use, but janky
Calendly revamps its browser extension as it seeks to do more than schedule meetings
How to unblock porn sites: Greatest VPN for porn in 2024
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
API startup Noname Security nears $500M deal to sell itself to Akamai
US think tank Heritage Foundation hit by cyberattack
How to watch ‘Argylle’: When and where is it streaming?
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
Tesla layoffs hit high performers, some departments slashed, sources say
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
Consumer Financial Protection Bureau fines BloomTech for false claims
Apple Watch Series 9 vs. SE: A smartwatch skeptic tested both for 13 days
Google dubs Epic’s demands from its antitrust win ‘unnecessary’ and ‘far beyond the scope’ of the verdict
Apple: pay attention to emerging markets, not falling China sales
Greatest Star Wars Day deals and new releases 2024: Shop May the 4th sales
Danti’s natural language search engine for Earth data soars with $5M in new funding
5 essential gadgets for turning your home into a self-care sanctuary
Haun Ventures is riding the bitcoin high
Hands-on with the Claude AI app: It’s pleasant to use, but janky
Calendly revamps its browser extension as it seeks to do more than schedule meetings
How to unblock porn sites: Greatest VPN for porn in 2024
-
Entertainment6 days agoWhat’s on the far side of the moon? Not darkness.
-
Business7 days agoHow Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
-
Business6 days agoTikTok faces a ban in the US, Tesla profits drop and healthcare data leaks
-
Business5 days agoLondon’s first defense tech hackathon brings Ukraine war closer to the city’s startups
-
Business7 days agoPhoto-sharing community EyeEm will license users’ photos to train AI if they don’t delete them
-
Entertainment6 days agoHow to watch ‘The Idea of You’: Release date, streaming deals
-
Entertainment5 days agoMark Zuckerberg has found a new sense of style. Why?
-
Business5 days agoHumanoid robots are learning to fall well
