Check Point Research last Friday revealed that smart lightbulbs and their control bridge could be used to exploit an IoT network to launch attacks on conventional computer networks in homes, businesses or even smart cities.
Researchers focused on the popular Philips Hue smart bulbs and bridge and identified the CVE-2020-6007 vulnerability that enabled it to infiltrate networks using a remote exploit in the Zigbee low-power protocol, which is used to control a wide range of IoT devices. The communication protocol is used for giving commands to the Philips Hue bulbs and receiving information from them.
“Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware,” said Yaniv Balmas, head of Cyber Research, Check Point Research, the threat intelligence arm of Check Point Software Technologies.
The attack scenario is as follows:
- The hacker controls the bulb’s colour or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘Unreachable’ in the user’s control app, so they will try to ‘reset’ it.
- The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.
- The bridge discovers the compromised bulb, and the user adds it back onto their network.
- The hacker-controlled bulb with updated firmware then uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it. This data also enables the hacker to install malware on the bridge – which is in turn connected to the target business or home network.
- The malware connects back to the hacker and using a known exploit (such as EternalBlue), they can infiltrate the target IP network from the bridge to spread ransomware or spyware.
The research was done with the help of the Check Point Institute for Information Security (CPIIS) in Tel Aviv University,
“It’s critical that organisations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware,” Balmas said.
Taking action
This is not the first time an analysis of the security of ZigBee-controlled smart lightbulbs has been conducted. In 2017, researchers revealed that they were able to take control of a Hue lightbulb on a network, install malicious firmware on it and propagate to other adjacent lightbulb networks.
Check Point Research took this prior work one step further and used the Hue lightbulb as a platform to take over the bulbs’ control bridge and ultimately, attacking the target's computer network.
It should be noted that more recent hardware generations of Hue lightbulbs do not have the exploited vulnerability.
When Check Point Research disclosed its latest finding to Philips and Signify (owner of the Philips Hue brand) in November 2019. Signify confirmed the existence of the vulnerability in their product, and issued a patched firmware version, which is now via an automatic update.
George Yianni, head of technology at Philips Hue, said: ““We are committed to protecting our users’ privacy and do everything to make our products safe. We are thankful for responsible disclosure and collaboration from Checkpoint, it has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk”
Boris Cipot, senior security engineer at Synopsys Software Integrity Group, commented: “The good news is that the vulnerability has already patched by Philips and was released on the 13th of January. Users that have automatic updates enabled on their bridges have already got the patch applied.”
He pointed out that It is highly advisable to turn the automatic updates on, so you do not miss any security improvements now or in the future.
“Furthermore, there are other perks to having automatic updates switched on. This includes ensuring you do not miss out on quality, security or performance improvements, as well as guaranteeing that your Hue System stays compatible with new Hue products.”