Philips Hue susceptible to hack, vulnerable to blackouts (update)

Oh, Philips. Why'd you have to make it so easy for ne'er-do-wells to go full Aiden Pearce on Hue smart light users? A recent study by researcher Nitesh Dhanjani reveals that Hue's control portal -- known as the bridge -- uses a shoddy authentication system when communicating with smartphones and computers. That system uses the bridge's MAC address, which is easy to detect. As such, it's also easy to hack the device and cause a blackout.

In Dhanjani's demo video below, he introduces malware into the bridge through a compromised website. This lets him find the right MAC address and take control, turning the lights off again and again, ad infinitum, regardless of the switch's status. Sure, there's no immediate threat of widescale blackouts -- smart lighting has yet to be adopted en masse, after all -- but this is a security issue companies need to address, especially since lighting plays such a critical safety role.

Update (08/17/2013): In a statement sent to Engadget, a Philips Lighting spokesperson says:

In developing Hue we have used industry standard encryption and authentication techniques to ensure that unauthorized persons cannot gain access to lighting systems. An attack of the nature described requires that a computer on your private local network is compromised to send commands internally. This means there is very limited security risk if your home network is properly protected, as traffic passing between your devices and across the internet will remain fully secure. However, if an attack is made upon your home network, everything contained within that network can be compromised. Therefore our main advice to customers is that they take steps to ensure they are secured from malicious attacks at a network level, in order to protect all of their devices, including Hue.
