SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
7 Nov 2016

Hackers could exploit Philips Hue smart bulb security flaw

Serious security concerns regarding the Internet of Things (IoT) are continuing to mount in the wake of the massive DDoS attack that used a massive IoT botnet to take down a portion of the internet in October.

Now, researchers have found a security flaw in Philips Hue smart bulbs that could allow malicious hackers to remotely hijack and control the devices.

According to a new study titled, "IoT goes nuclear: Creating a ZigBee Chain Reaction," researchers from Welzmann Institute of Science in Israel and Dalhousie University in Novascotia, Canada, discovered that they were able to exploit a weakness in the common wireless radio protocol called ZigBee that is often used in other smart home devices as well. Philips Hue smart bulbs allow users to control the intensity and colour of the web-connected bulbs via a computer or a smartphone.

Researchers said that hackers can potentially use a method that involves tricking an internet-connected light bulb into accepting a computer worm that can then spread malicious software to other neighbouring bulbs within the network.

"The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity," researchers explained. "The attack can start by plugging in a single infected bulb anywhere in the city, and catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDoS attack."

The researchers noted that they were able to carry out the attack using "only readily available equipment costing a few hundred dollars." They demonstrated the technique in a video showing a drone flying up to 350m away from a building, taking control of its smart light bulbs to blink on and off, and flash an "SOS" message in Morse code.

Another video showed researchers testing the technique to take control of light bulbs at the Weizmann Institute of Science facility and cause them to flicker by driving a car 70m away.

"This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product," researchers said.

The latest study comes just a month after hackers targeted DNS provider Dyn to knock multiple major websites offline through waves of massive DDoS attacks. Using Mirai malware, the hackers infected thousands IoT devices such as web cameras and digital recorders to create a huge Mirai botnet and flood its server with fake traffic to take it offline. The researchers said they notified Philips about the vulnerability and the company fixed the security flaw with a patch in October.

"We have assessed the security impact as low given that specialist hardware, unpublished software and close proximity to Philips Hue lights are required to perform a theoretical attack," a Philips Lighting spokesperson told. "Despite the low risk, we consulted with the researchers and developed a patch that has already been issued in a firmware update."

Tags:
information leaks hackers
Source:
IBTimes
1833
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015