If you were hoping to drive someone a wee bit crazy by remote controlling their light bulbs you have probably missed your opportunity as Phillips have patched the vulnerability. This is a good thing as it was a very impressive flaw. Security researchers figured out a vulnerability in the ZigBee system used to control Phillips Hue smart light bulbs and they did not need to be anywhere near the lights to do so. They used a drone from over 1000 feet away to break into the system to cause the lights to flash and even worse, they were able to ensure that the bulb would no longer accept firmware updates which made their modifications permanent. Unpatched systems could be leveraged to turn all the lights off permanently, or to start an unexpected disco light show if you wanted to be creative. You can pop by Slashdot for a bit more information on the way this was carried out.
"Researchers were able to take control of some Philips Hue lights using a drone. Based on an exploit for the ZigBee Light Link Touchlink system, white hat hackers were able to remotely control the Hue lights via drone and cause them to blink S-O-S in Morse code. The drone carried out the attack from more than a thousand feet away."
Here is some more Tech News from around the web:
- NASA Puts its 3D Models Up on GitHub @ Hack a Day
- Google to patch Chrome mobile hole after bank trojan hits 318k users @ The Register
- Microsoft prises open Azure containers, pours in a little Kubernetes @ The Register
- TSMC board approves US$4.91 billion for capacity expansion @ DigiTimes
- Microsoft launches Skype Insiders Programme – but don't tell anyone @ The Inquirer
- Tobii Tracker 4C Review @ OCC