Security Experts:

Connect with us

Hi, what are you looking for?


IoT Security

Smart Lightbulbs Used to Compromise Home and Business Networks

Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network — regardless of whether that is a home or office.

Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network — regardless of whether that is a home or office.

In 2016, earlier researchers were able to compromise Philips Hue lightbulbs with malicious firmware, and then propagate to other adjacent lightbulbs. The vendor was able to fix the propagation issue, but due to design issues was unable to fix the original vulnerability. Now researchers at Check Point have been able to use this initial vulnerability to compromise the lightbulb and use it as a platform to take over first the controlling bridge, and then — using vulnerabilities in the ZigBee communication protocol — to propagate to other devices on the network.

ZigBee is a communication protocol that allows different smart products from different manufacturers to communicate with each other. Common users of Zigbee include Amazon Echo Plus, Samsung SmartThings, Belkin WeMo, and many more smart home devices. The Philips Hue lightbulb transmits and receives messages using Zigbee, and uses a device known as the bridge to receive commands.

“Check Point’s researchers,” said the firm in a blog report, “showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities.”

In a scenario described by the researchers, the hacker would remotely compromise the lightbulb (it can be achieved with a laptop and antenna from over 100 yards distance) and make it misbehave so the user thinks there is a problem. According to the control panel, the bulb appears ‘unreachable’ and needs to be reset. If this is done, the bridge reaches out to the compromised bulb and adds it back into the network.

The hacker-controlled lightbulb can then use ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge by sending a large amount of data that can include malware. The malware connects back to the hacker. Since the compromised bridge connects to the rest of the network, the hacker can now use a known exploit, such as EternalBlue, to spread other malware such as ransomware or spyware to the network.

“Many of us are aware that IoT devices can pose a security risk,” said Yaniv Balmas, head of cyber research at Check Point, “but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware. It’s critical that organizations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware. In today’s complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks.”

Check Point reported the issue to Philips and Signify (owner of the Philips Hue brand) in November 2019, but is not releasing full technical details of the hack until users have a chance to install the fix. 

“We are thankful for responsible disclosure and collaboration from Check Point,” said George Yianni, head of technology at Philips Hue in a statement. “It has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk.” 

Philips Hue is able to fix the vulnerability now (it couldn’t when it was first reported in 2017) through a joint effort by its own developers and the Check Point researchers. The solution uses Check Point technology acquired with the purchase of Cymplify, an Israeli startup founded in 2019, in November 2019. The protection modifies the existing firmware of the product and enforces Control-Flow-Integrity (CFI), preventing an attacker from hijacking the flow of the program. The proof-of-concept successfully blocked the exploit without any knowledge of the attack method used by the Check Point researchers, and without requiring any additional security device.

The patched firmware (Firmware 1935144040) is now available on the Philips Hue website, and it is recommended that users ensure that their product received the automatic update of this firmware version.

Related: Flaws in Smart City Systems Can Allow Hackers to Cause Panic 

Related: Samsung Patches Critical Vulnerabilities in SmartThings Hub 

Related: The Future of Cyber Through the Eyes of an Intelligence Firm 

Related: The Secret to Securing Smart Buildings

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

Today’s growing attack surface is dominated by non-traditional endpoints.

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Australia's Defense Department said that they will remove surveillance cameras made by Chinese Communist Party-linked companies from its buildings.

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...