Hackers can hijack Philips smart bulb to push spyware

Hackers can hijack Philips smart bulb to spread spyware: Check Point Security

For the past few years, people have increasingly embraced Internet-of-Things (IoT)-based smart speakers and related accessories like lights and other consumer electronics.

Sadly, smart gadget-makers have let consumers down. The devices have serious vulnerabilities that let hackers hijack them and prey on naive users to spread malware and ransomware, according to Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd.

During a routine security screen, Check Point researchers tested the popular Philips Hue smart bulbs and bridge and, to their shock, found vulnerabilities (CVE-2020-6007) that easily allowed them to breach networks using a remote exploit in the ZigBee low-power wireless protocol, which is used by most IoT devices across the world.

Here's how cybercriminals can take over the smart bulb:
1) After gaining access to the network via a security loophole, the hacker starts by changing the bulb’s colour or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘Unreachable’ in the user’s control app, so the victim will try to ‘reset’ it.
2) For users, the only way to reset the bulb is to delete the 'device' from the mobile app and then start discovering new devices again.
3) This time, the bridge detects the compromised bulb, and the user adds it back onto their network via the mobile app.
4) By this time, the bulb has been infected with updated firmware. The bulb uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge by sending a large amount of data to it. This data allows the hacker to install malware on the bridge, which is in turn connected to the target business or home network.
5) The malware connects back to the hacker, who can then use a known exploit (such as EternalBlue) to infiltrate the target IP network from the bridge and spread ransomware or spyware.

Check Point researchers have notified Philips and Signify (Philips Hue brand licensee) about the vulnerabilities in the smart bulb. The former has acknowledged it and has released a new update to plug the loophole.

All Philips Hue bulb owners are advised to update their devices with the latest firmware (v1935144040) as early as possible.
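
One way to act on that advice across several bridges, as an added example that is not part of the original report or Philips' own tooling: it classifies saved bridge configuration responses against the patched version. The `swversion` field name, the sample addresses and the older version strings are assumptions constructed for illustration.

```python
import json
import re

# Patched firmware version named in the article.
PATCHED_VERSION = 1935144040

# Constructed sample data: address -> body returned by a bridge's config
# endpoint. Addresses, names and versions other than the patched one are invented.
SAMPLE_RESPONSES = {
    "192.0.2.10": '{"name": "Bridge (office)", "swversion": "1935144040"}',
    "192.0.2.11": '{"name": "Bridge (lobby)", "swversion": "1932126170"}',
    "192.0.2.12": '{"name": "Bridge (lab)", "swversion": "941302"}',
    "192.0.2.13": '{"name": "Bridge (store)"}',
    "192.0.2.14": "<html>captive portal</html>",
}


def classify(body):
    """Return 'patched', 'needs_update' or 'unknown' for one response body."""
    try:
        config = json.loads(body)
    except json.JSONDecodeError:
        return "unknown"
    version = config.get("swversion") if isinstance(config, dict) else None
    # Assumption: the version is a string of ASCII digits that grows over time.
    if not isinstance(version, str) or not re.fullmatch(r"[0-9]+", version):
        return "unknown"
    # Compare as integers. As strings, "941302" sorts after "1935144040"
    # and a short, old version would be reported as patched.
    return "patched" if int(version) >= PATCHED_VERSION else "needs_update"


def audit(responses):
    """Map each address to its status; anything not 'patched' needs follow-up."""
    return {addr: classify(body) for addr, body in responses.items()}


def follow_up(responses):
    """Addresses to update or inspect by hand, sorted for a stable report."""
    return sorted(a for a, s in audit(responses).items() if s != "patched")


if __name__ == "__main__":
    for addr, status in audit(SAMPLE_RESPONSES).items():
        print(f"{addr}\t{status}")
```

A response that cannot be parsed is reported as unknown, not as patched, so it ends up on the follow-up list.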
