Smart home devices can be useful, but of course they have points that can be vulnerable. A current report from Check Point's security researchers shows what could have happened. The researchers showed how an attacker could use an IoT network (intelligent lightbulbs and their bridge) to launch attacks on traditional computer networks in homes or businesses.

The researchers focused on the lighting solutions and the bridge from Philips Hue. There they found vulnerabilities (CVE-2020-6007) that allowed them to infiltrate networks using a remote exploit in the low-power wireless ZigBee protocol, which is used to control a variety of IoT devices. It is important to know that, although Hue was tested because the solution is so widely used, the weak point lies in the ZigBee protocol, which numerous manufacturers use.

This is not the first report of this kind: weaknesses similar to the current one were already reported in 2017. Check Point analyzed these gaps again and apparently found what it was looking for, but only with the old Philips solution. It should be noted that newer hardware generations of the Hue solutions do not have the exploited vulnerability, Check Point said in its message. If you have a Bridge V2, you should be on the safe side out of the box.

The attack scenario is as follows: The attacker controls the color or brightness of the lightbulb to deceive users into believing that the lightbulb is malfunctioning. The lightbulb appears in the user's control application as 'unreachable', so the user will try to 'reset' it. The only way to reset the lightbulb is to delete it from the application and then tell the bridge to find the lightbulb again. The bridge detects the compromised lightbulb, and the user adds it back to the network. The attacker-controlled lightbulb with updated firmware then uses the vulnerabilities of the ZigBee protocol to trigger a heap-based buffer overflow on the bridge by sending a large amount of data to it. This data also enables the attacker to install malware on the bridge, which in turn is connected to the home network. The malware connects back to the attacker and can penetrate the target IP network from the bridge via a known vulnerability (such as EternalBlue) to spread ransomware or spyware.

In a joint decision with Signify (the company behind Hue), publication of the full technical details of the research was postponed in order to give Philips Hue customers enough time to safely update their products to the latest version. For that reason, more precise details have not been published yet and are expected soon.