Make your neighbor think their house is haunted by blinking their Ikea smart bulbs
A couple of vulnerabilities in Ikea smart lighting systems can be exploited to make lights annoyingly flicker for hours.
Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, led a team that discovered the vulnerabilities by fuzzing Ikea's Tradfri bulbs and their gateway via Zigbee Light Link, the wireless protocol the devices use to communicate and receive commands.
In a couple of write-ups about the bugs, the researchers described how CVE-2022-39064, the vulnerability in the Tradfri smart bulbs, could be exploited by sending a single malformed Zigbee frame over the air that makes the light blink.
"After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the Ikea Home Smart app or the Tradfri remote control," the team noted.
CVE-2022-39064 is related to a second vulnerability, CVE-2022-39065, that affects the Ikea Tradfri smart lighting gateway, which controls the lights.
Similar to the bulb bug, a malformed Zigbee frame renders the gateway unresponsive so that it can't control the connected lights and other devices via the Ikea Home Smart app.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/08/buggy_ikea_smart_bulbs/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-14 | CVE-2022-39065 | Unspecified vulnerability in Ikea Tradfri Gateway E1526 Firmware 1.17.44 A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. low complexity ikea | 6.5 |
2022-10-14 | CVE-2022-39064 | Unspecified vulnerability in Ikea Tradfri Led1732G11 Firmware An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. low complexity ikea | 8.1 |