Monday , June 5 2023

Hackers took away Philips Hue


Connected items are a popular item for many hackers peebecause they are usually misbehaving. A popular joke on the net is that the "S" in "IoT"It stands for 'security.' Now US security researchers have Forescout in the context of studying, among other things, the smart light. Philips Hue explained.

These are connected via the local WiFi network through a so-called "bridge". This makes it possible to control the smart lights through a programming interface. However, the token needed for authentication is delivered in plain text – and so is the weak point. It can be hit by attackers in the network, who can also send commands to the Hue light. However, not much is possible except "Light On" or "Light Light" or "Blink Blink".

However, you can add a second user, who can then regularly damage if the owner of the lamp tries to intervene. With the second user, you can also unlock access from outside. This can then trigger infinitely many attacks, according to Forescout.

Network intrusion

In order to penetrate the local network, there are various possibilities for potential attackers. You could use phishing email addresses to infect potentially networked devices or smuggle USB sticks with malicious software if you have physical access. Another attack vector is the universally popular "human vulnerability". However, security researchers themselves just wanted to show in their study what is possible and how insecure IoT networks can be.

the Philips Hue wasn't hacked for the first time: A breach in the ZigBee wireless standard, with which smart home devices interconnect, has enabled Isreal security researchers to extract a security key. This made it possible to emphasize manipulated firmware of the tinted lamps. For this vulnerability, which already emerged in 2016, has Philips However, a patch is provided. This security problem cannot be exploited.

Source link