In late 2019, the cyber threat intelligence company Check Point Research informed Philips of a vulnerability affecting its Hue line-up of products. Philips Hue is a range of internet-connected smart lighting products: the bulbs talk to a Hue bridge over a low-power radio, and the bridge sits on the owner's home network.

Smart Bulb Zigbee Exploit

In its findings, Check Point describes the attack as starting from a flaw in the firmware of many Philips Hue smart bulbs. Once exploited, that flaw turns the bulb into an open door into an unsuspecting victim's network: the bulb itself is only a foothold, and the real target is the bridge it is paired with.

The technique for taking over a bulb abuses the Zigbee protocol and was first reported in 2017 by independent academic researchers. Zigbee is a low-power wireless IoT protocol that many manufacturers, including Philips, use for communication between the devices in their IoT products.

Two years after the Zigbee weakness was first reported, Check Point said it reused the original researchers' method for taking over a bulb and found that it still worked.

An attack based on this persistent Zigbee weakness starts with the attacker taking control of a single smart bulb over Zigbee and loading malicious firmware onto it. Because Zigbee is a short-range radio protocol, the attacker needs to be within radio range of the target bulb, but does not need any access to the victim's Wi-Fi. Having taken over the bulb, the attacker changes its brightness and/or colour to make the owner believe the bulb has glitched. The usual fix for a glitched bulb is to remove it from the network and reconnect it, which is exactly what the attacker is counting on: when the owner re-adds the bulb, the bridge has to talk to the compromised device. During that reconnection, the malicious firmware on the bulb sends the bridge crafted Zigbee messages that trigger a flaw in the bridge and push a malicious payload onto it. That payload can include a plethora of additional tools that the attacker can then run from the bridge. Once the bridge is compromised, the attacker has a foothold on the victim's network and can move laterally to other connected devices.

Philips has released firmware updates for the affected products, which it says stop the Zigbee exploit from working against them. It is important to note, however, that firmware updates are not necessarily applied automatically: use the Philips Hue app to check for and install updates for the bridge and any affected bulbs.
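For owners who want to verify the bridge's state rather than rely on the app's notifications, the following Python script is an added example for this article (it is not code from Philips, Signify or Check Point). It reads the firmware version and update settings that a Hue bridge reports through its documented local REST API. It assumes the documented endpoint GET http://&lt;bridge-ip&gt;/api/&lt;username&gt;/config and its modelid, swversion and swupdate2 fields; the minimum patched version number is supplied by the caller, and the MIN_PATCHED_VERSION constant used for the script's own run is a placeholder to be checked against the vendor's release notes. The sample responses embedded in the script are constructed for the example.

```python
"""Report a Philips Hue bridge's firmware version and update settings.

Added example for this article, not code from Philips/Signify or from
Check Point. Assumptions: the bridge's documented local API endpoint
GET http://<bridge-ip>/api/<username>/config returns JSON containing
'modelid' (BSB001 for the round v1 bridge, BSB002 for the square v2
bridge), a numeric-string 'swversion', and a 'swupdate2' object with
'state' and 'autoinstall'. MIN_PATCHED_VERSION is a placeholder to be
verified against the vendor's release notes before relying on it.
"""
import json
import sys
import urllib.request

# Placeholder (assumption): the v2 bridge firmware version that shipped the fix.
MIN_PATCHED_VERSION = 1935144040

# Constructed sample responses, trimmed to the fields this script reads.
SAMPLE_PATCHED = json.dumps({
    "name": "Philips hue", "modelid": "BSB002",
    "swversion": "1935144040", "apiversion": "1.35.0",
    "swupdate2": {"state": "noupdates", "autoinstall": {"on": False}},
})
SAMPLE_OUTDATED = json.dumps({
    "name": "Philips hue", "modelid": "BSB002",
    "swversion": "1933144020", "apiversion": "1.34.0",
    "swupdate2": {"state": "readytoinstall", "autoinstall": {"on": True}},
})
SAMPLE_V1_BRIDGE = json.dumps({
    "name": "Philips hue", "modelid": "BSB001",
    "swversion": "01041302", "swupdate2": {},
})


def assess_bridge(raw_config: str, min_patched_version: int,
                  expected_model: str = "BSB002") -> dict:
    """Parse a /config response and decide whether the bridge is patched.

    Version numbers are only comparable within one bridge generation, so
    'patched' is None when the model differs from expected_model. A
    non-numeric swversion raises ValueError instead of being treated as
    patched by accident.
    """
    cfg = json.loads(raw_config)
    sw = str(cfg.get("swversion", ""))
    if not sw.isdigit():
        raise ValueError(f"unexpected swversion format: {sw!r}")
    version = int(sw)
    model = cfg.get("modelid", "unknown")
    update = cfg.get("swupdate2") or {}
    autoinstall = (update.get("autoinstall") or {}).get("on", False)
    state = update.get("state", "unknown")
    comparable = model == expected_model
    return {
        "model": model,
        "version": version,
        "patched": (version >= min_patched_version) if comparable else None,
        "auto_update": bool(autoinstall),
        "update_pending": state not in ("noupdates", "unknown"),
        "update_state": state,
    }


def fetch_config(bridge_ip: str, username: str, timeout: float = 5.0) -> str:
    """Fetch the raw /config JSON from a bridge on the local network."""
    url = f"http://{bridge_ip}/api/{username}/config"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def summarize(result: dict) -> str:
    """Render the assessment as a short human-readable report."""
    if result["patched"] is None:
        verdict = "UNKNOWN (different bridge model, version not comparable)"
    elif result["patched"]:
        verdict = "PATCHED"
    else:
        verdict = "VULNERABLE (update the bridge)"
    auto = "on" if result["auto_update"] else "OFF (check for updates in the Hue app)"
    return "\n".join([
        f"bridge model : {result['model']}",
        f"firmware     : {result['version']} -> {verdict}",
        f"auto-install : {auto}",
        f"update state : {result['update_state']}",
    ])


if __name__ == "__main__":
    # Usage: python hue_check.py <bridge-ip> <api-username>
    # Without arguments the script runs against the constructed samples.
    if len(sys.argv) == 3:
        raw = fetch_config(sys.argv[1], sys.argv[2])
        print(summarize(assess_bridge(raw, MIN_PATCHED_VERSION)))
    else:
        for raw in (SAMPLE_PATCHED, SAMPLE_OUTDATED, SAMPLE_V1_BRIDGE):
            print(summarize(assess_bridge(raw, MIN_PATCHED_VERSION)))
            print()
```

The API username is the one the Hue app or a manual link-button pairing created for you; the script only reads the config endpoint and changes nothing on the bridge. The check refuses to compare versions across bridge generations, because a v1 bridge's version string has no relation to the v2 numbering, and it reports the auto-install setting so you know whether the fix will arrive on its own or only when you open the app.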