Tag Archives: Philips

Vulnerability Within Philips Hue IoT Devices Disclosed

====================
TL;DR
If you use Philips Hue lightbulbs and/or the Philip Hue bridge, please make certain they are using the most recent firmware available.
====================

While the technological benefits and added convenience of Internet of Things (IoT) (defined) devices are well known, their increasing functionality/complexity is leading security researchers to target them. A recent example is the high severity vulnerability reported to Signify (owner of the Philips brand) within the Philip Hue bulbs and bridge. The vulnerability has been designated CVE-2020-6007 (defined)

How severe is this vulnerability?
While this vulnerability is of high severity it requires significant user interaction and would also require that the affected Philips Hue lightbulb be already compromised by an attacker by installing malicious firmware on it. The Philips Hue app on the victim’s smartphone is used to controls the bulbs, the attacker could then convince the victim to remove and re-add the bulb to the app.

What is the result of exploiting this vulnerability?
While the compromised bulb is being added or “commissioned” the compromised firmware of the bulb is used to exploit the Philips Hue Bridge. Once complete the attacker can then laterally traverse (defined) the victim’s business or home network by exploiting known vulnerabilities of other devices on the network e.g. the Microsoft Windows EternalBlue vulnerability on a Windows system.

How can I protect my organisation or myself from this vulnerability?
If you use Philips Hue lighting with the Hue Bridge, please update both the lighting and bridge to the most recent firmware available. Version Firmware 1935144040 (Bridge V2) and Software version: 1.65.9_hB3217DF4 for lights and later address this vulnerability. Please also strongly consider placing IoT devices such as these on segmented networks e.g. guest wireless networks for WiFi devices and VLANs (defined) for wired devices.

In this instance, the Hue Bridge could be placed on a VLAN to increase security (namely if the device is exploited it cannot be used to traverse further into your network). However, this increased security may result in reduced functionality if not implemented correctly.

Thank you.

====================
References:

The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
https://blog.checkpoint.com/2020/02/05/the-dark-side-of-smart-lighting-check-point-research-shows-how-business-and-home-networks-can-be-hacked-from-a-lightbulb/

What are IoT devices?
https://news.sophos.com/en-us/2015/10/26/what-is-the-internet-of-things/

What is EternalBlue?
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

What is lateral movement (pivoting)?
https://www.fireeye.com/blog/executive-perspective/2015/08/malware_lateral_move.html

What is a VLAN?
https://kb.netgear.com/24720/What-is-a-VLAN

How to isolate a VLAN containing IoT devices
https://community.ui.com/questions/HomeKit-on-Isolated-VLAN/2fd20346-59df-4662-9559-0ecac7ec83cb

Philip Hue Firmware Release Notes
https://www2.meethue.com/en-us/support/release-notes