Hackers can use this vulnerability to carry out a wide range of cyber attacks including ransomware infection.
Home automation although not common as of yet is a very interesting technology. Taking your comfort to the next level, it allows you to control objects such as fans, bulbs, doors and much more through the use of a simple app. However, this also means lesser security with the increasing ease of use. This was demonstrated lately when Philips Hue Smart Light Bulbs were found to be vulnerable to cyber attacks.
To delve into the specifics, Philips uses the Zigbee communication protocol which allows different devices to communicate with each other using a common language, much like how Bluetooth or Wi-Fi works. Moreover, it is also widely found in the Internet of Things (IoT) industry including Amazon Echo.
Identified as CVE-2020-6007, Checkpoint, the cyber security firm behind the discovery hasn’t revealed the exact technical details but they have provided us with an overview of how the entire attack works.
Firstly, the attacker installs malicious firmware on the light bulb stealing control from the user. This can be done from the proximity of 100m so it is sufficient to assume that everyone can be vulnerable here. After all, who will stop a stranger using their laptop in a car parked outside your home?
