Until today, Philips Hue lamps could allow a hacker to exploit your network.
Four years ago, security researchers showed that a drone outside a building could compromise the Philips Hue lamps in a room, using a virus that infected each lamp individually. Today, we are learning that this vulnerability was never fully fixed, and researchers have now found ways to penetrate users’ home or corporate networks unless a patch has been installed.
The good news is that lamps connected to the internet will already have been automatically updated to version 1935144040, which contains the updated code. Check Point Software, a company specializing in internet security, informed Philips last November, and a patch was released at the end of January.
In 2016, the drone managed to load a malicious update without the user having to take any action. In contrast, the new hacking technique essentially forces the user to re-add the lamp to the network because of an apparent malfunction with color and brightness, thus giving the hacker full control of the user’s network and data. Check Point Software reports that, due to design constraints, the lamps could still have vulnerabilities that have not yet been identified.
Although Check Point has not tested other companies’ lamps, it says these vulnerabilities may not be limited to Philips. The Zigbee communication protocol used by Hue is found in dozens of other smart gadgets, such as the Amazon Ring doorbell, the Samsung SmartThings hub, Belkin WeMo devices, Honeywell thermostats and Comcast’s Xfinity alarm system.
So it will be interesting to see how many of these devices have corresponding vulnerabilities, and when they will be fixed, before they become dangerous for users’ personal data.