Hackers can hijack your house through your light bulb, researchers discover

Market-leading Philip Hue smart bulb could allow cyber criminals to spy on users

Anthony Cuthbertson
Wednesday 05 February 2020 12:04 GMT
Comments
Check Point researchers demonstrated how the vulnerability gave hackers access to people's home network
Check Point researchers demonstrated how the vulnerability gave hackers access to people's home network (Check Point)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Homes and businesses that use smart light bulbs are at risk of being hacked and even spied on, new research has revealed.

The vulnerability, which affects the market-leading Philip Hue smart bulb, was discovered by researchers at security firm Check Point, who claim cyber criminals could use it to plant spyware or ransomware on home networks.

It works by exploiting a flaw with the popular ZigBee protocol, which is commonly used within wireless networks.

"Many of us are aware that smart devices can pose a security risk, but this research shows how even the most mundane, seemingly 'dumb' devices such as light bulbs can be exploited by hackers and used to take over networs, or plant malware," said Check Point researcher Omri Herscovici​.

"It is critical that organisations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware."

The researchers informed Philips of the vulnerability, who have since issued a security patch through its website. Check Point urged owners of the light bulb to update their devices immediately.

The research once again raises questions about the security of internet-connected devices that are increasingly used in people's homes.

Everything from toasters to baby monitors have been discovered with serious flaws that endanger the people who use them.

A recent investigation by UK consumer watchdog Which? revealed that thousands of smart security cameras could be vulnerable to hackers.

The Philips Hue smart bulb 'could allow hackers to plant spyware' within people's homes (Philips )
The Philips Hue smart bulb 'could allow hackers to plant spyware' within people's homes (Philips ) (Philips)

Smart light bulbs, which have limited capabilities compared to other smart appliances like fridges and TVs, may seem relatively harmless as a technology, but Check Point's research is not the first time issues have been discovered with them.

Last year, researchers at the University of Texas discovered security holes in popular smart bulb brands that cause them to leak information when exposed.

"Think of the bulb as another computer. Any data can be stolen: texts or images. Anything that is stored in a computer," University of Texas professor Murtuza Jadliwala said at the time.

"These bulbs are now poised to become a much more attractive target for exploitation even though they have very simple chips."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in