By taking control of smart lights, hackers can deliver extortion viruses or other malicious programs to office and home networks, Check Point Research experts say.

Hackers can use an IoT network (smart light and the network bridge that controls them) to attack ordinary computer networks in homes, businesses or even smart cities. The researchers tested Philips Hue smart lights and bridges, which are popular on the market.

The experts discovered a security vulnerability that allowed a remote exploit of the low-power ZigBee wireless protocol, which is used to control a large number of IoT devices.

In a security study of smart lights controlled by the ZigBee protocol, experts were able to gain control over a Hue light on a network, install malware on it, and extend it to other neighboring light networks. Using the remaining vulnerability, Check Point researchers used the Philips Hue light as a platform to take full control of the network bridge. It should be noted that the next generations of Hue light bulbs have no operational vulnerability.

How does an attack take place?

1) A hacker changes the color or brightness of a lamp to cheat users: this makes them think that the lamp is failing. The lamp is displayed as “Not available” in the user’s control application, so the owners will try to reset the settings.

1. The only way to reset the settings is to remove the light from the application and then assign the network control bridge to re-detect the lamp.
2. The Control Bridge detects a light bulb that has been compromised by hackers, and it is the User that adds it back to his network.
3. The hacker-controlled light with updated firmware exploits ZigBee protocol vulnerabilities to cause buffer overflow on the control bridge, sending it a large amount of data. This data also allows the hacker to install malware on the bridge, which in turn is connected to the right company or home network.
4. The malware connects back to the hacker and the attacker uses a well-known exploit (such as EternalBlue) to penetrate the correct IP network from the bridge to spread extortion or spyware.
   “Many of us know that IoT devices can be insecure. This research shows that even the most common seemingly simple devices, such as lights, can be used by hackers to capture networks and introduce malware, says Yaniv Balmas, head of cyber research at Check Point Research. – It’s critical that organizations and ordinary users protect themselves from potential attacks by regularly updating their devices and separating them from other computers on their networks. This is to limit the possible spread of malware. Now, in the complex landscape of fifth generation attacks, you need to control everything related to our networks.

The research, conducted with the help of the Institute of Information Security Check Point (CPIIS) at Tel Aviv University, was revealed to Philips and Signify (owner of the Philips Hue brand) in November 2019. Signify confirmed the vulnerability in their product and released a corrected version of the firmware (Firmware 1935144040), which is now available through an automatic update.

Share it