Researchers Use Smart Light Bulbs to Infiltrate Networks
February 06, 2020
Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices.
To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused on the how this control can be exploited to hack other devices.
Although the research focused on smart light bulbs, it’s possible that a similar vulnerability may be exploited in other devices as well. This is because the Zigbee communication protocol can be used not just in smart lighting systems but also in temperature control, safety equipment operations, surveillance tools, and many more. Outside the home, the protocol may be utilized in systems powering healthcare, supply chain, retail, and other industries.
How the compromise happens
According to the study, after a smart light bulb has been hacked, hackers can perform the following steps to use the smart light bulb to infiltrate the home or enterprise network:
- The hackers begin by adjusting the bulb’s color or brightness. This will make it seem like the bulb is experiencing glitches, as the user did not perform any action on the control application to enable these changes. The bulb will appear as “Unreachable” in the control app, and the user will lose control of the bulb’s settings.
- The user will then be compelled to reset the bulb by deleting it from the app, then instructing the control bridge to rediscover the bulb; but this time, the bulb that will be detected is already compromised. The user will add the compromised bulb back on the network.
- After that, the recently discovered CVE-2020-6007 comes in. The compromised bulb will send a large amount of data to the bridge, triggering a heap-based buffer overflow and enabling the installation of malware. The malware then connects back to the hacker, who can use known exploits and vulnerabilities to enable IP network infiltration and malware propagation.
Signify, manufacturer of Philips Hue, successfully fixed the vulnerability and the patched firmware (Firmware 1935144040) is available on the their official website.
Outsmarting hackers of smart devices
Smart devices can make managing homes or work spaces more convenient and more efficient. However, users must remain vigilant of security risks. Many IoT devices like routers, smart doorbells, and smart alarms have yet-to-be-known vulnerabilities that cybercriminals are raring to exploit.
With the compromise of a smart bulb alone, hackers can pose harm. These can range from annoying actions as simple as turning the lights on or off erratically, to disruptive ones like turning all lights on to overload the power system, and to outright dangerous actions like flashing lights as quickly as possible to blind people or cause seizures in people with photosensitive epilepsy.
And the damage can go far beyond a single device. As the researchers noted, something as unassuming as a light bulb can be used to compromise entire networks — disrupting operations and stealing data, which may affect homes, businesses, or even smart cities.
Because of this, users should not be left in the dark on the ways they can ensure the security of their smart devices. Here are basic steps to IoT device security:
- Change the default passwords of smart devices. Update them frequently.
- Monitor smart devices for unusual activities and unfamiliar connections.
- Regularly update device firmware and applications to protect devices from the newest security vulnerabilities.
- Deliberately configure the security settings of your smart devices, and disable unnecessary features.
Protecting smart devices require a multilayered defense. Users can employ Trend Micro™ User Protection Solutions for endpoints and Trend Micro Home Network Security for routers. Enterprises can rely on Trend Micro Deep Discovery™ Inspector for advanced threats and targeted attacks.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report