Latest in Home

Image credit:

Philips Hue susceptible to hack, vulnerable to blackouts (update)

Mariella Moon, @mariella_moon
August 14, 2013
Share
Tweet
Share

Sponsored Links

Oh, Philips. Why'd you have to make it so easy for ne'er-do-wells to go full Aiden Pearce on Hue smart light users? A recent study by researcher Nitesh Dhanjani reveals that Hue's control portal -- known as the bridge -- uses a shoddy authentication system when communicating with smartphones and computers. That system uses the bridge's MAC address, which is easy to detect. As such it's also easy to hack the device and cause a blackout.

In Dhanjani's demo video below, he introduces malware into the bridge through a compromised website. This lets him find the right MAC address and take control, turning the lights off again and again, ad infinitum, regardless of the switch's status. Sure, there's no immediate threat of widescale blackouts -- smart lighting has yet to be adopted en masse, after all -- but this is a security issue companies need to address, especially since lighting plays such a critical safety role.

Update (08/17/2013): In a statement sent to Engadget, a Philips Lighting spokesperson says:

In developing Hue we have used industry standard encryption and authentication techniques to ensure that unauthorized persons cannot gain access to lighting systems. An attack of the nature described requires that a computer on your private local network is compromised to send commands internally. This means there is very limited security risk if your home network is properly protected, as traffic passing between your devices and across the internet will remain fully secure. However, if an attack is made upon your home network, everything contained within that network can be compromised. Therefore our main advice to customers is that they take steps to ensure they are secured from malicious attacks at a network level, in order to protect all of their devices, including Hue.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
The best Cyber Week tech deals you can still get today

The best Cyber Week tech deals you can still get today

View
Amazon’s free news app on Fire TV now features local stations

Amazon’s free news app on Fire TV now features local stations

View
Razer Tomahawk modular gaming PC is now available for $2,400

Razer Tomahawk modular gaming PC is now available for $2,400

View
The first phone with an under-display camera goes on sale December 21st

The first phone with an under-display camera goes on sale December 21st

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr