Security flaw found in Philips smart bulbs

Security researchers at Check Point have discovered a vulnerability in Philips Hue smart lightbulbs that gave them a connection to, and helped them compromise, the local network.

The security flaw was discovered in the ZigBee wireless communication protocol that is used by a wide range of smart home devices.

Bleeping Computer reported that the bug is a heap buffer overflow that can be exploited remotely in Philips Hue Bridge model 2.x to execute arbitrary code. Affected firmware versions are up to 1935144020, released on 13 January.

The researchers fitted the smart light with malicious firmware, then moved to take control of the bulb's control bridge, triggering a heap buffer overflow by bombarding it with large amounts of data.

“This data also enables the hacker to install malware on the [control] bridge – which is in turn connected to the target business or home network,” the researchers explained, adding that an attacker could then jump to other systems on the network, deploying whatever malware they want.

Check Point reported their findings to Philips Hue parent company Signify, which acknowledged the vulnerability and fixed it in firmware version 1935144040.

Boris Cipot, senior security engineer at Synopsys, commented: “Those who have not enabled automatic updates or are unsure if they have, should check what their status is on the Hue System in the Hue app – it is highly advisable to turn the automatic updates on as you do not want to miss any security improvements now or in the future.”

Stuart Sharp, vice president of solution engineering at OneLogin, added: “This latest Internet of Things vulnerability highlights the critical need for robust security standards – governments must act now to hold vendors to account for the security of their devices, and although the UK government recently proposed new legislation around password management, it falls far short of the in-depth guidance and standards required to prevent hackers exploiting vulnerabilities like that found in the ZigBee protocol.”
