Smart light bulbs like those of the Philips Hue are pretty cool, right? They can change to different shades of colors at the touch of a button, turn on and off at different times of the day, or can be programmed to turn on or off when someone enters/leaves the room. All these neat features that you don’t need to think too much about.
They are also security nightmares, at least according to researchers who recently demonstrated a hack in which they used nothing more than a drone to hijack smart light bulbs, causing them to turn on or off at will, or causing them to strobe and flicker which can be rather uncomfortable to watch.
How this was done was by exploiting a weakness in the Touchlink aspect of the ZigBee Light Link system, thus bypassing whatever safeguards were put into place. To some it might not seem like such a big deal, but what if the entire city were to start adopting smart light bulbs? Imagine a drone being able to knock out the lights to an entire city with one simple worm, not that’s a pretty scary thought.
The good news is that Philips has since patched the flaw after the researchers pointed it out to them, although the New York Times seems to think that the company might be downplaying the seriousness of it. According to Beth Brenner, a Philips spokeswoman, “We have assessed the security impact as low given that specialist hardware, unpublished software and close proximity to Philips Hue lights are required to perform a theoretical attack.”
Either way this isn’t the first time that we’re seeing IoT/connected objects being hacked, so if anything hopefully this signals the need for some kind of standardized security protocol that should be put into place.