New study details a security flaw with Philips Hue smart bulbs
Less than two weeks after a massive botnet attack powered largely by insecure web-connected home devices brought much of the internet to a temporary standstill, researchers are detailing an apparent security flaw with Philips Hue smart bulbs, and potentially other devices that communicate using ZigBee transmissions, too.
The report, titled "IoT Goes Nuclear," explains how researchers from Israel's Weizmann Institute of Science and Dalhousie University in Halifax, Nova Scotia, Canada, were able to remotely hack Philips Hue bulbs from either a car or a drone at a distance of 229 feet (about 70 meters). Their method involved tricking the lights into accepting a malicious firmware update -- from there, the hackers were able to take control of the bulbs and force them to flash against their will.
That might not sound so bad, but the researchers warn that their technique could be used to control massive amounts of lights all at once in a densely populated area, which could theoretically be used to damage a city's electrical grid.