Security News > 2020 > February > Smart Lightbulbs Used to Compromise Home and Business Networks
Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network - regardless of whether that is a home or office.
In 2016, earlier researchers were able to compromise Philips Hue lightbulbs with malicious firmware, and then propagate to other adjacent lightbulbs.
Now researchers at Check Point have been able to use this initial vulnerability to compromise the lightbulb and use it as a platform to take over first the controlling bridge, and then - using vulnerabilities in the ZigBee communication protocol - to propagate to other devices on the network.
"Check Point's researchers," said the firm in a blog report, "Showed how a threat actor could exploit an IoT network to launch attacks on conventional computer networks in homes, businesses or even smart cities."
"Many of us are aware that IoT devices can pose a security risk," said Yaniv Balmas, head of cyber research at Check Point, "But this research shows how even the most mundane, seemingly 'dumb' devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware. It's critical that organizations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware. In today's complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks."