First the lamp, then the network
The hackers use a notebook and one antenna, So the smart lamp is accessed and taken over. The attacker now turns the lamp on and off or arbitrarily changes the light color to pretend the owner that it has a problem. If the owner adheres to the manufacturer’s recommended procedure to be able to use unresponsive lamps again, he removes the lamp from the app and adds it again.
This triggers the next phase of the attack. The hacker installed manipulated firmware on the lamp, which is activated by adding the lamp in the app. This now fills the Hue Bridge with data, which opens another gap. The Hue Bridge is necessary to connect the lamps to the WiFi so that they can be controlled via the app.
Is the bridge with Malware infected, can result in the whole network With malicious software be contaminated. So you can also computerthat are in the same WLAN or network are take over.
Users should patch
Check Point announced Signify, the owner of the Philips Hue brand, in November 2019 security breach informed. Signify has confirmed the problem and released the firmware update with the version number 1935144040. Signify has classified the severity of the gap as “high” and recommends users to install the firmware update immediately.
To do this, open the Hue app and there the settings. If you scroll down, you will find “software update”. Now you can check for available updates. And while you’re at it, you should also activate the automatic updates in this menu to check for new ones as soon as possible vulnerabilities to be protected.
–
