Philips and its parent company Signify have patched another Hue smart light bulb vulnerability. Fortunately, the flaw was discovered by security researchers at Check Point Software, and it's unlikely that it was exploited in the wild. But this isn't the first time researchers have shown how smart home products, and Hue lights specifically, could give hackers access to entire home or business networks.
The researchers discovered that they could take control of a Hue light bulb and install malicious firmware. Then, they'd be able to mess with the light, changing color and brightness. If the user tried to reset the bulb, by deleting it from the app and then reconnecting it, the hackers would be able to deploy the malicious firmware and use the Zigbee protocol to connect to the targeted business or home network. Finally, the hackers would be able to spread ransomware or spyware throughout the network.
Check Point notified Philips and Signify of the vulnerability in November, and Signify issued a patch (Firmware 1935144040) several weeks ago. If your Philips Hue Hub is connected to the internet, it should have automatically updated, but it is worth double-checking.
According to Signify, Hue lights produced in 2018 or later do not include the vulnerability. "There is very limited risk to users but they should always make sure their Philips Hue products have been updated to the latest software version," Signify said in a statement provided to Engadget.
As The Verge notes, the Zigbee protocol used in this exploit is also used by other smart home brands, like Amazon's Ring, Samsung SmartThings, Honeywell thermostats and Comcast's Xfinity Home alarm system. While those products aren't necessarily at risk, the Philips Hue vulnerability does raise the question of how safe our smart home products really are. If you're worried about your connected devices, you can check out our guide to keeping your smart home secure.