Philips Smart Lights Hacked Using a Drone


Personal conveniences and environmental benefits aside, the Internet of Things is a hackers' paradise.

As the New York Times reports, Researchers at Israel's Weizmann Institute of Science and Dalhousie University in Canada recently uncovered a flaw in a wireless technology often used in smart home devices, including Philips Hue smart light bulbs.

The new risk stems from radio protocol ZigBee, a wireless communications standard widely used in home consumer devices—especially smart light bulbs. Researchers found that the nearly two-decade-old standard can be used to create a computer worm to spread malicious software.

The few lights you have installed in your house are unlikely targets. But imagine a city with thousands of Internet-connected bulbs illuminating neighboring buildings. An attack could "spread explosively over large areas in a kind of nuclear chain reaction," according to the research paper published this week.

Researchers tested their theory in two takeover attack demos, causing lights to flicker at a range of more than 230 feet while driving and from 0.2 miles while via a flying drone (video above).

The scientists notified Philips Lighting of the vulnerability, offering suggestions for a fix; the company has since issued an over-the-air patch.

It remains unclear how many Philips Hue smart light bulbs—which allow users to wirelessly control and personalize their lighting—have been sold and installed internationally. Philips did not immediately respond to a request for comment.

All it takes is a single infected bulb to allow a worm to spread, and within minutes a hacker can turn blocks of lights on or off, permanently brick them, or exploit them in a DDoS attack—like the one that knocked popular Web services offline last month. In that case, the Mirai botnet—which scours the Web for poorly protected IoT-connected devices and enlists them to overwhelm a target with online—ambushed DNS provider Dyn, causing a major outage across the globe.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Verizon Confirms Pixel Black Friday Deal at $10 Per Month

    On Thursday and Friday, Verizon is going to give you the best deal to date on the Pixel with 32GB or 128GB of storage.It’s a bit of a tricky one, but should you opt for either storage amount on a device payment plan, you’ll technically only pay $10 or $15 per month, respectively.
  • 5300c769af79e

    Live for the Week of July 3, 2016

    InformationWeek Live for the Week of July 3, 2016 Join us for a roundup of the top stories on InformationWeek.We'll be talking with the InformationWeek.
  • 5300c769af79e

    The Best Security Suites of 2016

    The top security vendors have already done the background work for you, creating all-in-one security suites that integrate a variety of features.This article briefly mentions the many tests we use to evaluate security suites and determine which ones are best.
  • 5300c769af79e

    CylanceOPTICS: Endpoint Detection and Response Designed for CylancePROTECT Endpoints

    CylanceOPTICS is an artificial intelligence (AI) driven endpoint detection and response (EDR) solution designed to extend the prevention delivered by Cylance's award-winning product, CylancePROTECT, through AI driven root cause analysis, scalable threat hunting, and immediate response with consistent visibility into threats against endpoints.Download this paper to learn more about this EDR solution.