We've all seen this movie: The lucah isteriku bayar hutang dengan teteklights inexplicably start to flicker and a naive homeowner writes it off as just a glitch. But no! There's something... in ... the house.
In the smart home age, that horror scenario could actually come to life — except the intruders aren't angry spirits, they're hackers.
A new report from Check Point Research, a cyber threat intelligence outfit, shows how a vulnerability in a Philips Hue smart lightbulb could allow attackers to gain control over the home or business network of which the bulb is a part.
You May Also Like
Philips Hue and other smart lightbulbs allow users to control the lighting with an app or smart assistant. They're convenient and fun (they change colors!), but apparently making innocuous appliances in your home "smart" is not without its downsides.
The assault scenario is truly spooky. Check Point researchers used a previously discovered vulnerability in the smart bulb to hijack it. They then control the bulb's functioning, causing it to become unresponsive or even — gasp — flicker.
Since the bulbs no longer respond to their owner's control, this prompts the user to reset the bulb in the app that controls it. Doing that allows the hackers to spread their malware to the smart home hub between the bulb and the home network (on a popular wireless protocol called ZigBee), which allows it to gain access to the rest of the connected devices on the network. Home: invaded.
Here's a video of how it all goes down.
Check Point Research made the company that owns Philips Hue bulbs, Signify, aware of the threat in November 2019. Bulb owners should have received an automatic update, but can now also manually update their firmware to prevent against this sort of attack.
This scenario only demonstrated the vulnerability of these specific smart bulbs, but Check Point told Mashable that it could shine a light on possible threats from other smart home products.
"The fact that IoT products are connected to a central network means they can serve as a new 'attack vector' and are a means to get right inside the central network and inject it with malicious files," a Check Point Research representative said. "We showed an example of how this works, but the danger is potentially much larger."
Almost makes you wish your home was dumb again...
Topics Cybersecurity