A Philips Hue vulnerability allows a hacker to take control of individual bulbs, switching them on or off at will, as well as changing both color and brightness. This can be done remotely using a laptop with radio transmitter. You can watch a demonstration video below.
While that risk remains, the company has acted to block an escalation vulnerability that previously allowed the attacker to compromise the Hue bridge and from there the rest of the network, including any PCs connected to it…
Check Point security researchers discovered a way to escalate the attack from the control of a single bulb to take over the entire network. The escalation works like this:
- The attacker uses the original vulnerability to take control of one bulb
- The user sees random behavior and is also unable to control the bulb themselves
- The obvious troubleshooting step is to delete the bulb and scan for it again, re-adding it
- Re-adding it now gives malware in the bulb access to the Hue bridge
- From there, it can propagate, including to connected PCs
Once the attacker has access to a connected PC, they can install things like key-loggers and ransomware.
Check Point, of course, did the responsible thing, disclosing its findings to Signify, the owner of the Philips Hue brand. A patch is now available. Users are advised to check the Hue app to see if any updates are available and to install them if so.
Note that the original vulnerability, allowing control of individual bulbs, cannot be patched, as this would involve a hardware change to the bulbs themselves. But installing the update will ensure it cannot spread to other devices on your network.
Check Point says that it is especially important for businesses with Hue bulbs to protect themselves.
Philips Hue thanked Check Point for the responsible disclosure.
You can watch the video demo below.