Oh, Philips. Why’d you have to make it so easy for ne’er-do-wells to go full Aiden Pearce on Hue smart light users? A recent study by researcher Nitesh Dhanjani reveals that Hue’s control portal — known as the bridge — uses a shoddy authentication system when communicating with smartphones and computers. That system uses the bridge’s MAC address, which is easy to detect. As such it’s also easy to hack the device and cause a blackout.
In Dhanjani’s demo video below, he introduces malware into the bridge through a compromised website. This lets him find the right MAC address and take control, turning the lights off again and again, ad infinitum, regardless of the switch’s status. Sure, there’s no immediate threat of widescale blackouts — smart lighting has yet to be adopted en masse, after all — but this is a security issue companies need to address, especially since lighting plays such a critical safety role.
Filed under: Internet
Source: Nitesh Dhanjani