Hackers can use flaw in Philips smart light bulbs to spread malware

Hackers can use this vulnerability to carry out a wide range of cyber attacks including ransomware infection.

Home automation although not common as of yet is a very interesting technology. Taking your comfort to the next level, it allows you to control objects such as fans, bulbs, doors and much more through the use of a simple app. However, this also means lesser security with the increasing ease of use. This was demonstrated lately when Philips Hue Smart Light Bulbs were found to be vulnerable to cyber attacks.

To delve into the specifics, Philips uses the Zigbee communication protocol which allows different devices to communicate with each other using a common language, much like how Bluetooth or Wi-Fi works. Moreover, it is also widely found in the Internet of Things (IoT) industry including Amazon Echo.



Identified as CVE-2020-6007, Checkpoint, the cyber security firm behind the discovery hasn’t revealed the exact technical details but they have provided us with an overview of how the entire attack works.

Firstly, the attacker installs malicious firmware on the light bulb stealing control from the user. This can be done from the proximity of 100m so it is sufficient to assume that everyone can be vulnerable here. After all, who will stop a stranger using their laptop in a car parked outside your home?

When a user realizes that the lamp’s status is unreachable in the app used to control it and functions such as light control are not working, they naturally by instinct would reset it.

But resetting is only possible by deleting the app so the user is forced to re-install the app “instructing the control bridge to re-discover the bulb.” The catch here though is that the bulb discovered after re-installation is a malicious one and not the user’s original. Unheeded, the user adds it to his network.


This bulb then “uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it.” Using this opportunity, the attacker can successfully install malware gaining access to one’s network. This in return can be used for different purposes ranging from spreading simple viruses to all-out ransomware along with remotely hacking other devices connected to the same network.

Watch the demonstration video:

Nonetheless, users can rest assured knowing that since the vulnerability was disclosed to Philips in November 2019, a patch has been issued under firmware 1935144040. Therefore, users are recommended to make sure their devices received an automatic update.


For those of you interested in knowing more, look out for a future report as currently, both Checkpoint and Philips wanted to give users sufficient time for updates to ensure everyone is secure.

A takeaway from this is that other companies focusing on IoT solutions need to exert more effort on ensuring the security of their products as a lot is at stake if an attacker gets successful. Additionally, users can also pay more attention to how security works for such devices to avoid falling into such traps.

You may also like...

Leave a Reply

Pin It on Pinterest

Share This