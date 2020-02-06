Researchers from Check Point Software have released the details of a particularly nasty vulnerability in the Zigbee smart home protocol that has the potential to take over your Wi-Fi network and inject malware into the things connected to it. This is notable because many smart home and Internet of Things products use Zigbee, including the Philips Hue lamps and bridge that a lot of people own.
This vulnerability was patched by Philips but a lot of things use Zigbee.
The good news is that the vulnerability was patched in your Hue setup before details were made public because Check Point contacted Philips immediately after it figured this mess out. In fact, it's been patched by a firmware update you probably already received.
The bad news is that you might own other devices that use Zigbee and they aren't yet patched. And might never be.
How it works
- An attacker is able to use the ZIgbee exploit to take control of a lamp connected to your Hue Bridge.
- The attacker then messes with the settings of the lamp and does things like randomly change colors or brightness, making you think the bulb is glitched.
- You remove the lamp from the Hue app, then let it be rediscovered.
- The attacker then can use the "infected" lamp to take over your hub and install a piece of malware onto it.
- This malware can allow the hacker to connect to everything on the same network and try to spread something like spyware or ransomware to smarter devices, like a computer or smartphone using other known exploits.
Check Point and Hue worked to patch the Hue Hub in mid-January. You should have received an automatic update to the Hub with this patched software by now and none of this works anymore.
Check to make sure you're safe
Checking to make sure you're safe is easy — open the Hue app and look in the Settings > About section to make sure you Hub/Bridge is on firmware version 1935144040 or later. If so, you're good.
If you're not on patched firmware, you can open the Settings > Software Update screen and you'll find an update waiting. Install it.
Internet of Things devices are notoriously insecure and this is a perfect example of why that matters. Philips quickly and responsibly patched this exploit and Zigbee will patch against it in the next version of the protocol; though it's the manufacturer who has the responsibility to patch devices themselves.
Most companies that make IoT devices will never update them.
Most don't. That's why we recommend products from companies that understand the importance of IoT security, like Signify (Philips' parent company) or August. Someone sitting outside your house turning your lights from blue to red is simply an annoyance, but that unfolding to a situation where the next time you turn on your PC it's locked down until you pay a hefty ransom to a hacker to decrypt the file system is pretty serious.
Everything you need to know about Google's plan to disrupt the IoT with Android Things
Companies like Google, Samsung, and BlackBerry are working hard to make the Internet of Things more secure, but it's a long slow process because the foundation of it all uses so many different parts. But it's something that has to be done before things like self-driving cars or even self-reading water meters become commonplace.
Smart and Secure Lighting
Philips Hue White and Color Ambiance Smart Bulb Starter Kit
Light up your house the smart — and secure — way.
Philips Hue is one of the leaders in smart home lighting and this kit will get you set up with everything you need to get started. The starter kit includes four color-changing bulbs and the Hue Bridge to control them. Setup is a breeze and the auto-update feature means you get the latest security fixes as soon as they are available.
We may earn a commission for purchases using our links. Learn more.
Motorola is chasing waterfalls with its next 5G phones
Motorola is looking to make 2020 the year it makes its big rebound back into the world of flagship phones. While the folding Motorola RAZR may have mid-range specs, a pair of upcoming 5G phones from the company bring things a little closer to the high-end of the spectrum.
Huawei is suing Verizon over allegedly violating 12 of its patents
Early Thursday morning, Huawei filed a lawsuit against Verizon in the Eastern and Western district courts of Texas, alleging it had infringed on 12 of Huawei's patents.
Huawei, Xiaomi, Oppo, and Vivo are teaming up to challenge the Play Store
China's top smartphone manufacturers are teaming up to create the Global Developer Service Alliance, which will allow developers to submit their app once and have it added simultaneously across their app stores.
These are the best smart locks that you can use with Alexa
Looking to make your home smarter? Check out these smart locks!