Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Hack Philips Hue Smart Bulbs Using a Drone (pcworld.com)

Posted by BeauHD on from the reach-for-the-sky dept.

schwit1 quotes a report from PCWorld: "Researchers were able to take control of some Philips Hue lights using a drone. Based on an exploit for the ZigBee Light Link Touchlink system, white hat hackers were able to remotely control the Hue lights via drone and cause them to blink S-O-S in Morse code. The drone carried out the attack from more than a thousand feet away. Using the exploit, the researchers were able to bypass any prohibitions against remote access of the networked light bulbs, and then install malicious firmware. At that point the researchers were able to block further wireless updates, which apparently made the infection irreversible. 'There is no other method of reprogramming these [infected] devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied,' according to the researchers. The researchers notified Philips of the vulnerability. The company then delivered a patch for it in October." It wasn't long ago that claiming "Drones are controlling my lightbulbs!" would have gotten you locked up for your own protection.

4 of 50 comments (clear)

  1. Statement from ZigBee by almeida · · Score: 4, Informative

    ZigBee issued a press release today about this. They say the attack exploited a bug in one vendor's implementation of the protocol, not a weakness in the protocol itself.

  2. What's the role of the drone? by wvmarle · · Score: 3, Informative

    Both TFS and TFA are really light on technical details - can anyone shed some light on where the drone comes in play? And also the vulnerability itself - a default password or something more obscure?

    Another question would be of course why would those lights even have the ability to install new software in the first place. Is it really that hard to do software right, that no updates are needed for something as simple as a lamp?

    1. Re:What's the role of the drone? by wvmarle · · Score: 3, Informative

      I'd rather have the manufacturer do a decent job in building their software, so that updates aren't necessary. If they think the update option should be there, there should also be a factory reset option to recover from any problems with that.

  3. Re:Networked light bulbs are useless and stupid by Khyber · · Score: 3, Informative

    This. I work in lighting, specifically LED. Making an analog RGB control is dead fucking simple and we've got wiring that already exists to handle such a thing.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.