Breaking News

TerraMaster Introduces Upgraded D8 Thunderbolt 3 8-Bay DAS for Professional Creators PHISON IS THE FIRST TO SHIP THE NEW PCIe SD EXPRESS CARD (SD 7.0) SP Industrial Presents “Cinema Series” CF Cards For Unparalleled 4K/8K Recording Samsung Begins Mass Production of Data Center SSD Customized for Hyperscale Environments Sony Launches FX3 Full-Frame Camera with Cinematic Look and Enhanced Operability for Creators

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Researchers Show How Networks Can Be Hacked from a Lightbulb

Researchers Show How Networks Can Be Hacked from a Lightbulb

Enterprise & IT Feb 5,2020 0

Security researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities.

Check Point’s researchers focused on the market-leading Philips Hue smart bulbs and bridge, and found vulnerabilities (CVE-2020-6007) that enabled them to infiltrate networks using a remote exploit in the ZigBee low-power wireless protocol that is used to control a wide range of IoT devices.

With the help of the Check Point Institute for Information Security (CPIIS) in Tel Aviv University, the researchers were able to take control of a Hue lightbulb on a target network and install malicious firmware on it. From that point, they used the lightbulb as a platform to take over the bulbs’ control bridge, and attacked the target network as follows:

  • The hacker controls the bulb’s color or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘Unreachable’ in the user’s control app, so they will try to ‘reset’ it.
  • The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.
  • The bridge discovers the compromised bulb, and the user adds it back onto their network.
  • The hacker-controlled bulb with updated firmware then uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it. This data also enables the hacker to install malware on the bridge – which is in turn connected to the target business or home network.
  • The malware connects back to the hacker and using a known exploit (such as EternalBlue), they can infiltrate the target IP network from the bridge to spread ransomware or spyware.

The research was disclosed to Philips and Signify (owner of the Philips Hue brand) in November 2019. Signify confirmed the existence of the vulnerability in their product, and issued a patched firmware version (Firmware 1935144040) which is now available on their site.

In a joint decision with Signify, Check Point decided to postpone the release of the full technical details of the research in order to allow Philips Hue clients to have enough time to safely update their products to the latest version.

Tags: HackingSmart HomeCybersecurity
Previous Post
Spotify Reports Rise in Premium Subscribers
Next Post
Seagate Set to Launch 18TB HDDs in The First Half of the Calendar Year 2020

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • Microsoft Offers You $100,000 If You Can Hack the Linux-based Azure Sphere

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Nintendo Says 160,000 Accounts Have Been Hacked

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

Latest News

TerraMaster Introduces Upgraded D8 Thunderbolt 3 8-Bay DAS for Professional Creators
Enterprise & IT

TerraMaster Introduces Upgraded D8 Thunderbolt 3 8-Bay DAS for Professional Creators

PHISON IS THE FIRST TO SHIP THE NEW PCIe SD EXPRESS CARD (SD 7.0)
Enterprise & IT

PHISON IS THE FIRST TO SHIP THE NEW PCIe SD EXPRESS CARD (SD 7.0)

SP Industrial Presents “Cinema Series” CF Cards For Unparalleled 4K/8K Recording
Cameras

SP Industrial Presents “Cinema Series” CF Cards For Unparalleled 4K/8K Recording

Samsung Begins Mass Production of Data Center SSD Customized for Hyperscale Environments
Enterprise & IT

Samsung Begins Mass Production of Data Center SSD Customized for Hyperscale Environments

Sony Launches FX3 Full-Frame Camera with Cinematic Look and Enhanced Operability for Creators
Cameras

Sony Launches FX3 Full-Frame Camera with Cinematic Look and Enhanced Operability for Creators

Popular Reviews

CeBIT 2005

CeBIT 2005

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed