Zigbee is one of the wireless protocols that smart home devices commonly use to talk to each other. Now, a new report from the security research firm Check Point details a vulnerability with those Zigbee transmissions that could allow a hacker armed with little more than a laptop into your home network from as far as 100 meters away.
The attack in question exploits the signals sent between Philips Hue smart bulbs, one of a number of high-profile smart home devices that communicate via Zigbee. A hacker with a laptop and a Zigbee antenna tricks the system into kicking a bulb off of the network, then implants that bulb with malicious code. If the user deletes the suddenly unresponsive bulb from the Hue app and attempts to re-pair with it, they’ll spread that malware from the bulb to their Hue Bridge, the central Philips Hue control device which you wire to your router. That’s not good.
Check Point sent their findings to Signify, which owns the Philips Hue brand, and plans to release a full report on the vulnerability once manufacturers have had time to issue a patch for it. Signify has a firmware fix ready to go today, so Philips Hue users will want to be sure to download and install it from the settings section of the Hue app.
“We are committed to protecting our users’ privacy and do everything to make our products safe,” says George Yianni, Head of Technology Philips Hue. “We are thankful for responsible disclosure and collaboration from Check Point — it has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk.”