
Security and technology researchers on Wednesday warned that cyber criminals could exploit an Internet of Things (IoT) network – smart light bulbs and their control bridge – to launch attacks on conventional computer networks in homes, businesses or even smart cities.

The researchers from cybersecurity firm Check Point discovered vulnerabilities in the communication protocol used by Philips Hue smart lightbulbs — a marquee smart home device that relies on the Zigbee protocol.


The research, which was done with the help of the Check Point Institute for Information Security (CPIIS) at Tel Aviv University, Israel, was disclosed to Philips and Signify (owner of the Philips Hue brand) in November 2019.



Signify confirmed the existence of the vulnerability in their product, and issued a patched firmware version (Firmware 1935144040) which is now available via an automatic update.

For the study, the researchers focused on the Philips Hue smart bulbs and bridge, and found vulnerabilities (CVE-2020-6007) that enabled them to infiltrate networks using a remote exploit in the ZigBee low-power wireless protocol that is used to control a wide range of IoT devices.

The researchers used the Hue lightbulb as a platform to take over the bulbs’ control bridge and, ultimately, attack the target’s computer network.

The more recent hardware generations of Hue lightbulbs do not have the exploited vulnerability, the study said.

“Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware,” said Yaniv Balmas, Head of Cyber Research, Check Point Research.

“It’s critical that organisations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware. In today’s complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks,” Balmas said.

In an attack scenario that the researchers unravelled, the hacker controls the bulb’s colour or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘unreachable’ in the user’s control app, so they will try to ‘reset’ it.



The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.

The bridge discovers the compromised bulb, and the user adds it back onto their network.

The hacker-controlled bulb with updated firmware then uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it.

This data also enables the hacker to install malware on the bridge – which is in turn connected to the target business or home network.


The malware connects back to the hacker and, using a known exploit (such as EternalBlue), they can infiltrate the target IP network from the bridge to spread ransomware or spyware.

“We recommend users to make sure that their product received the automatic update of this firmware version,” Check Point said. (IANS)
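One way to confirm that a bridge has received the patched firmware is sketched below as an added example; it is not code from Check Point or Signify. It assumes the bridge serves a JSON config document containing a numeric `swversion` string at `/api/config`, and that firmware version numbers increase over time; the sample documents are constructed.

```python
import json
import urllib.request

PATCHED_SWVERSION = 1935144040  # patched firmware version named in the article


def fetch_config(host, timeout=5):
    """Fetch a bridge's config document (assumed endpoint: /api/config)."""
    url = f"http://{host}/api/config"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def classify(config_json):
    """Return 'patched', 'vulnerable' or 'unknown' for one config document."""
    try:
        version = int(json.loads(config_json)["swversion"])
    except (ValueError, KeyError, TypeError):
        # Malformed JSON, missing field or non-numeric version: do not guess.
        return "unknown"
    return "patched" if version >= PATCHED_SWVERSION else "vulnerable"


def audit(configs):
    """Map each bridge label to its status; anything not 'patched' needs follow-up."""
    return {name: classify(doc) for name, doc in configs.items()}


# Constructed sample documents (labels and older version number are made up).
SAMPLE = {
    "lobby": '{"name": "Philips hue", "swversion": "1935144040"}',
    "lab": '{"name": "Philips hue", "swversion": "1931140050"}',
    "warehouse": '{"name": "Philips hue"}',
    "kiosk": "not json",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

To check a live bridge, pass the output of `fetch_config("<bridge-ip>")` to `classify`; a result of `unknown` should be treated as unpatched until verified by hand.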

