There are over a hundred potential ways hackers can ruin your life once they have access to the WiFi network that your computers, smartphones, and other smart devices are connected to.
Whether it’s about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted devices.
In recent years, we have seen how hundreds of widely used smart-but-insecure devices made it easier for remote attackers to sneak into connected networks without breaking WiFi passwords.
In the latest research shared with The Hacker News, Check Point experts today revealed a new high-severity vulnerability affecting Philips Hue Smart Light Bulbs that can be exploited over-the-air from over 100 meters away to gain entry into a targeted WiFi network.
The underlying high-severity vulnerability, tracked as CVE-2020-6007, resides in the way Philips implemented the Zigbee communication protocol in its smart light bulb, leading to a heap-based buffer overflow issue.
Zigbee is a widely used wireless technology designed to let each device communicate with any other device on the network. The protocol has been built into tens of millions of devices worldwide, including Amazon Echo, Samsung SmartThings, Belkin WeMo and more.
“Through this exploitation, a threat actor can infiltrate a home or office’s computer network over-the-air, spreading ransomware or spyware, by using nothing but a laptop and an antenna from over 100 meters,” the Check Point researchers told The Hacker News.
Check Point also confirmed that the buffer overflow happens on a component called the “bridge” that accepts remote commands sent to the bulb over the Zigbee protocol from other devices like a mobile app or Alexa home assistant.