A study takes Philips Hue’s ZigBee protocol as a hacking platform

A study takes Philips Hue’s ZigBee protocol as a hacking platform
Smart lighting Philips Hue has again become the target for cyber attacks. A study was published recently that the researchers have successfully hijacked Philips Hue smart light bulbs through the Zigbee protocol. 

According to the study, wicked hackers are capable to push a malicious firmware update through Philips Hue’s flaws and the Zigbee protocol. Once the fake update gets one smart light bulb, it is able to spread automatically from one to another ones. 

If the device is hacked, the hacker is able to turn the lights on and off from a automobile driving by the house or a drone flying outside the building. 

From the example, the researchers have shown that they were able to hack Philips Hue lightbulbs from 400 meters away outdoors and 70 meters inside. They hijacked the devices by driving around or flying a drone equipped with off-the-shelf hardware.

From the study, this kind of threat to connected devices is like nuclear chain reaction, which is able to spread explosively over large areas and infect each other with a worm. Therefore, if large scale attack happens, the hacker would be able to turn all the city lights on or off, permanently brick them or exploit them in a massive DDoS attack. 

According to Philips, the company has released a patch in this early October and encouraged all the users to install the patch through the Hue app. However, from one of the researchers participating the study, the patch released by Philips can only prevent devices from taking over the light bulbs from distance. The creating malicious updates flaw is still not being solved. In other words, hackers are still able to infect the devices and use them to conduct DDoS attacks. 

From a latest report published by research firm Gartner, there will be more than 6.4 billion IoT devices in use by the end of 2016 and the number is expected to grow into 20.8 billion by 2020. 

With the exploding numbers of connected devices, the threats come with them are also increasing. There would be soon a strong need for IoT devices protection, to prevent that everybody’s home becomes weapons for cyber attackers. 

Share to:
Comments ( 0 )