A remote code execution vulnerability in the Zigbee protocol allowed researchers to hack a Hue smart bulb and use that as a beachhead to compromise an entire network.
Security Researchers at Check Point have demonstrated how to exploit a vulnerability in a Philips Hue smart bulb (CVE-2020-6007) and then pivot to compromise the Hue hub controller which is attached to the main LAN and from there attack the rest of the network.
The attack requires some user action as the hacked bulb has to be deleted and re-connected to the Hue Hub device in order for the exploit to be triggered. However in the realm of IoT devices, removing and reconnecting misbehaving devices is usually the only action end users can take in order to reset a malfunctioning device. In the exploit demonstration, the attackers caused the compromised bulb to flicker prompting the user to follow the ‘remove and re-add’ procedure in order to reset the device.
A short film of the attack in action is available on the Check Point website.
This research underlines the value of network segmentation so that a vulnerability in less secure IoT devices cannot be leveraged to attack higher value devices on the same network.
The Hue vulnerability is fixed in firmware version 1935144040.