I’ll bet some of you have smart bulbs installed. This proof of concept (PoC) is another reason why IoT vendors need to constantly push firmware upgrades and increase their security investment in smart home devices, and why it might not be smart to rely on consumers applying updates manually.
Check Point’s blog reported a proof-of-concept (PoC) proximity attack discovered by its researchers. They demonstrated how a Philips Hue smart light bulb can be exploited over the air using a laptop and an antenna from a distance of 100 meters. Smart bulbs and other home IoT devices use the Zigbee communications protocol: a low-power, low-bandwidth, low-data-rate, close-proximity personal area network / wireless ad hoc network. It also incorporates a mesh network that operates in the 2.4 GHz band (the same band as Wi-Fi). Zigbee has a potential range of 1500 meters in the best conditions. The signal, like Wi-Fi, degrades going through construction materials or when its line of sight is blocked by obstructions; the mesh topology can be used to extend the network around those obstructions. In this PoC the researchers discovered and used a high-severity vulnerability, tracked as CVE-2020-6007, to reach the “control bridge”. The CVE is a heap-based buffer overflow. The PoC was reported to Philips, which issued a firmware upgrade.
The Check Point researchers claim that it’s possible to gain entry to, and even hack, a “smart city” through such devices. Since Zigbee can support up to 65,000 nodes on a single network, I guess that’s possible.
"Back in 2017, a team of academic researchers showed how they can take over and control smart lightbulbs and how this, in turn, allows them to create a chain reaction that can spread throughout a modern city. Their research brought up an interesting question: Could attackers somehow bridge the gap between the physical IoT network (the lightbulbs) and attack even more appealing targets, such as the computer network in our homes, offices or even our smart city?
Demo of Smart Bulb attack