[ Continue reading this over at RedmondPie.com ]
It’s increasingly popular to have smart devices in the home. These devices connect to your Wi-Fi so you can control them with an app. You’ll find things like smart kettles, smart thermostats, and smart locks.
One of the most popular smart home gadgets is smart lighting. With these light bulbs, such as the popular Philips Hue line, you can change the color and brightness of your home lighting from your phone.
However, smart light bulbs are not without their risks. Here are some of the security issues that smart lighting can cause and some tips on how to secure them.
How Hacked Philips Hue Bulbs Can Spread Malware
Like anything connected to your Wi-Fi network, smart light bulbs can pose a security threat. In fact, there have been several instances of security vulnerabilities being discovered with these devices in the last few years.
In early 2020, security researchers at Check Point Research revealed how they were able to install malware on a network via Philips Hue smart bulbs. They were able to jump from vulnerabilities in the smart light bulbs to accessing other devices on the network, such as computers, tablets, and phones. Here’s how it worked:
- The hackers exploit a vulnerability in the wireless protocol which control the smart light bulb. This allows them to change the color and brightness of the bulb.
- The user notices the bulb behaving strangely, so opens up the app. They see the bulb listed as “unreachable.” Then they try to reset it.
- The central hub for the bulbs, called the bridge, adds the compromised bulb to its network.
- Now the hacked bulb is able to bombard the bridge with data and install malware on it.
- The bridge is connected to the user’s home network. Once the hackers control the bridge, they can access that network. They can also use the bridge to send data back to them.
This method could be used to install malware such as spying programs on devices on the network. Philips has since released a software patch to mitigate this issue, so make sure you update your Hue bulbs’ firmware.
Other Security Vulnerabilities in Smart Light Bulbs
This follows from another issue with Philips Hue bulbs uncovered in 2018. Researchers at Pen Test Partners discovered they were able to hack the bulbs quite easily. This was because the API keys, which are codes that developers use to pull information from elsewhere, were not properly secured. These keys were left in plain text, not encrypted, which makes them easy to access.
In order to protect a Hue system, the user must have a strong Wi-Fi key. If they do not, it’s simple for hackers to access the bulbs. They could do things like changing the color of the bulbs or making them flash.
Philips Hue has since added support for SSL, which is a way to encrypt traffic securely. This should make the Hue devices much safer than they were before.
How Smart Light Bulbs Compromise Your Home Network
People often think they don’t need to worry about the security of the smart home devices. They think that even if hackers could access their smart kettle or smart light bulbs, so what? That doesn’t sound like a serious security problem.
The issue is that once hackers have a foothold in a smart device, they can then access other parts of the network. This can be done through a process called lateral privilege escalation.
This is where hackers access a low-level, low-security device like a smart light bulb. Then they are able to use this low-level access to find flaws in the architecture of the devices. Once they have found these bigger flaws, they can exploit them to access more sensitive devices such as security cameras.
Eventually, hackers may be able to hack their way up the chain until they can access your router, and use this to access other devices on your network.
How to Protect Your Smart Home Devices
Any device which is connected to a network is a potential security threat. So if you’re going to use smart light bulbs, you should take steps to secure them. Here are some tips for securing your smart light bulbs, as well as other smart devices in your home:
- Always change the default password. Most smart devices have password protection. But people often forget to change the password when they get a new device. Any device with a default password is very easy to hack. So make sure you always have unique, hard to guess passwords on all your smart devices.
- Keep firmware up to date. When a security vulnerability is discovered, the manufacturer will issue software to patch it. If you don’t update your firmware, your device will be vulnerable to a known security issue. Make sure to update your device regularly and enable automatic updates.
- Enable two factor authentication. Some smart devices (including smart lighting) may offer two-factor authentication. This is where you need a code generated by your smartphone as well as a password to log in to the device. If this is available it will make it much harder for hackers to access your devices.
- Put smart devices on a guest network. If your router supports it, you can create a guest Wi-Fi network. This is a network which allows access to the internet, but limits access to other devices and functions. Connecting smart devices to the guest network will limit a hacker’s access to your network, even if they are able to compromise your smart devices.
Secure Smart Light Bulbs Keep Your Home Network Safe
In order to protect your home network, you need to make sure that your smart light bulbs are up to date and as secure as possible. The same is true for other smart home products and Internet of Things (IoT) devices you have in your home.
To learn more about the security issues around IoT devices, see our list of scary IoT hacks that really happened.
Read the full article: How Smart Light Bulbs Can Put Your Home Network at Risk