Philips Hue susceptible to hack, vulnerable to blackouts (update)

Oh, Philips. Why'd you have to make it so easy for ne'er-do-wells to go full Aiden Pearce on Hue smart light users? A recent study by researcher Nitesh Dhanjani reveals that Hue's control portal -- known as the bridge -- uses a shoddy authentication system when communicating with smartphones and computers. That system uses the bridge's MAC address, which is easy to detect. As such, it's also easy to hack the device and cause a blackout.

In Dhanjani's demo video below, he introduces malware into the bridge through a compromised website. This lets him find the right MAC address and take control, turning the lights off again and again, ad infinitum, regardless of the switch's status. Sure, there's no immediate threat of widescale blackouts -- smart lighting has yet to be adopted en masse, after all -- but this is a security issue companies need to address, especially since lighting plays such a critical safety role.

Update (08/17/2013): In a statement sent to Engadget, a Philips Lighting spokesperson says:

In developing Hue we have used industry standard encryption and authentication techniques to ensure that unauthorized persons cannot gain access to lighting systems. An attack of the nature described requires that a computer on your private local network is compromised to send commands internally. This means there is very limited security risk if your home network is properly protected, as traffic passing between your devices and across the internet will remain fully secure. However, if an attack is made upon your home network, everything contained within that network can be compromised. Therefore our main advice to customers is that they take steps to ensure they are secured from malicious attacks at a network level, in order to protect all of their devices, including Hue.
