There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices.

Whether it's about exploiting your operating system and software vulnerabilities or manipulating network traffic, every attack relies on the connection between an attacker and the targeted devices.

In recent years, we have seen how hundreds of widely used smart-but-insecure devices made it easier for remote attackers to sneak into connected networks without breaking Wi-Fi passwords.

In the latest research, Check Point experts revealed a new high-severity vulnerability affecting Philips Hue Smart Light Bulbs that can be exploited over-the-air from over 100 meters (300+ feet) away to gain entry into a targeted Wi-Fi network.

The high-severity vulnerability is based on the way Philips implemented the Zigbee communication protocol in its smart light bulb.

ZigBee is a widely used wireless technology designed to let each device communicate with any other device on the network. The protocol has been built into tens of millions of devices worldwide, including Amazon Echo, Samsung SmartThings, Belkin Emo and more.

Through this vulnerability, a hacker can infiltrate a home or office's computer network, spreading ransomware or spyware, by using nothing but a laptop and an antenna from over 100 meters.

Check Point also confirmed that the vulnerability happens on a component called the "bridge" that accepts remote commands sent to the bulb over the Zigbee protocol from other devices like a mobile app or Alexa home assistant.

Many of us are aware that IoT (Internet of Things – smart home) devices can pose a security risk, but this research shows how even the most mundane, seemingly 'dumb' devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware.

It's critical to protect your business and family against these possible attacks by updating your devices with the latest patches and separating them from other machines on your networks, to limit the possible spread of malware.

In today's complex cyberattack landscape, we cannot afford to overlook the security of anything that is connected to our networks."

If automatic firmware update download feature is not enabled, affected users are recommended to manually install patches and change settings to revive future updates automatically.

Full Post at:
By Mohit Kumar on Feb 5, 2020