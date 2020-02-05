We’ve all seen this movie: the lights begin to flash inexplicably and a naive homeowner writes it off like a glitch. But no! There is something … in … the house.

In the smart home era, that horror scenario can really come to life – except that the invaders are not evil spirits, they are hackers.

A new report from Check Point Research, a cyber threat information equipment, shows how a vulnerability in a Philips Hue smart light bulb can cause attackers to gain control over the home or business network of which the lamp is part.

With Philips Hue and other smart light bulbs, users can control the lighting with an app or smart assistant. They are handy and fun (they change color!), But apparently harmless devices in your home are ‘smart’, not without disadvantages.

The attack scenario is really creepy. Check Point researchers used a previously discovered vulnerability in the smart lamp to hijack it. They then control the operation of the lamp, so that it no longer responds or even – gasping – flickers.

Because the lamps no longer respond to the operation of their owner, the user is asked to reset the lamp in the app that controls it. This allows the hackers to distribute their malware to the smart home hub between the lamp and the home network (on a popular wireless protocol called ZigBee), giving it access to the rest of the connected devices on the network. Home: invaded.

Here is a video of how it all ends.

Check Point Research has made the company that owns Philips Hue lamps, Signify, aware of the threat in November 2019. Bulb owners should have received an automatic update, but can now also update their firmware manually to prevent this type of attack.

This scenario only showed the vulnerability of these specific smart lights, but Check Point told Mashable that it could shed light on potential threats from other smart home products.

“The fact that IoT products are connected to a central network means they can serve as a new” attack vector “and a means to enter the central network and inject it with malicious files,” said a Check Point representative. Research. “We have shown an example of how this works, but the danger is potentially much greater.”

You almost wish your house was stupid again …

