Philips Hue, arguably the most popular smart lighting system for the connected home, suffers from a nasty vulnerability that could permit bad actors to attack your whole home network.
Say hello to hackable smart lights
At issue is the Hue bulbs’ usage of the Zigbee communication protocol that helps various smart home devices communicate with each other. The vulnerability, discovered by Check Point security researchers, permits attackers to assume control of the Hue Bridge, an accessory used to connect the smart bulbs to the rest of the user’s home network.
AppleInsider has more on that:
Using a Zigbee antenna, the would-be attacker can force one of the bulbs to be pushed off the smart home device network entirely, before putting malicious code into the bulb itself. If the user then tries to bring the suddenly faulty bulb live by re-pairing it in the Hue app, the malware can be spread from the bulb to the Hue Bridge, which in turn is connected to the router. Once the malware reaches the Hue Bridge, the attacker can have access to the rest of the network, enabling further attacks to take place.
Wow, that sounds really bad. Here’s a video showing this vulnerability in action.
A firmware fix (version 1935144040) will be rolled out to all affected Philips Hue bulbs within a few weeks, but real damage has already been done and it’s not just bad PR because examples like this are bound to erode consumer confidence in the Internet of Things over the long term.
Yaniv Balmas, head of cyber research at Check Point Research:
Many of us are aware that Internet of Things devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks or plant malware.
Enough said.
The smart home — a work in progress
Former Apple executive Jean-Louis Gassée thinks the slow pace of progress in the connected home arena is a good thing because it gives us time to consider new technical and societal challenges. In his mind, Gassée sees two Internet of Things: a professional version for industry and a less mature version for consumers.
And while the industrial Internet of Things continues to prosper, its consumer counterpart has, in Gassée’s own words, made “very little progress” in the past six years:
For consumers, technology should get out of the way — it’s a means, not an end. Consumers don’t have the mindset or training of IT techies, they don’t have the time or focus to build a mental representation of a network of devices, their interactions and failure modes. […]
How to represent in one’s mind a home network of IoT objects that connect the heating and cooling systems, security cameras, CO and fire sensors, the washer, dryer, stove, fridge, entertainment devices, and under-the-mattress sleep monitoring pads. This may be an exaggerated example, but even with a small group of objects, how does a normal human configure and manage the network?
Another problem with the smart home is the issue with obsolesce.
The Sonos example
As you may have heard, Sonos recently got in trouble for suggesting its newer devices won’t be updated if the older devices remain in use. While the company has since walked that back, the whole situation raised the valid question: What happens when your smart home is obsolete?
Meanwhile, Apple is staffing its HomeKit team to better compete with Google and Amazon.
Industry players come together
Be that as it may, It would seem that industry giants have acknowledged the pretty sad state of affairs when it comes to the connected home. Last December, for example, the Cupertino tech giant along with Amazon, Google, the Zigbee Alliance and others came together in a grand attempt to unify the broken environment for smart home appliances.
Their open source initiative, dubbed Connected Home over IP, hopes to enable compatibility for smart home products from different vendors and bring order to the current smart home chaos. Apple’s participation in the initiative should also help HomeKit gain a leg up in the smart home wars going forward, as well as help devices from other makers be more secure.
Your experience with the connected home
What’s your take on the current stated of the smart home?
Do you use any smart appliances in your home that work with HomeKit or one of the competing software systems that power the connected home?
Chime in with your thoughts in the comments down below.