Philips Hue is a popular smart home lighting system. It offers flexible, easy control and a range of customizations, in colour and in functionality, that a typical light bulb cannot provide. However, new Internet of Things products like this can contain vulnerabilities, due to a lack of security hardening or to the challenges of adopting existing security solutions in them.
With reference to the previous post, HomeScan [1, 2] has discovered a vulnerability in the Philips Hue lighting system that leads to the hijacking, in the presence of a malicious hub, of a Philips Hue bulb that is already connected to a victim’s hub. As stated by HomeScan, the vulnerability is introduced by the Philips Hue bulbs’ use of the existing communication protocol ‘ZigBee’ as a low-power solution. Specifically, Philips Hue uses the ZigBee Light Link (ZLL) protocol, which allows a ZigBee-enabled bulb to accept and reply to discovery beacons even after the bulb is already connected to a hub. Consequently, a malicious hub can discover the victim’s bulb by sending a discovery beacon. The attacker can then launch the ZLL authentication, which results in the bulb disconnecting itself from the victim’s hub and establishing authentication with the malicious hub.
Here is the attack demo video showing how the Philips Hue bulb is hijacked by the malicious hub over the ZigBee network. This demo uses the Perytons tool and a pluggable USB sniffing stick that supports capturing ZigBee traffic. The traffic was captured in the presence of a real Philips Hue bulb and two Philips Hue hubs (one benign, belonging to the victim, and the other malicious, belonging to the attacker). HomeScan also discovered several other vulnerabilities, including in Chromecast and LIFX devices. You can check the HomeScan demo site for other findings.
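The sequence described above (a paired bulb answering a foreign hub's discovery beacon, followed by that hub starting authentication) can be watched for in decoded sniffer output. The following is an added example, not code from HomeScan or Philips: the event schema, the event kind names and the device names are constructed for illustration and do not reflect real ZLL frame fields.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    """One decoded sniffer record (constructed schema, not a real ZLL frame layout)."""
    t: float   # seconds since capture start
    kind: str  # "discovery_beacon", "discovery_reply" or "auth_start"
    src: str
    dst: str

def find_hijack_indicators(events, pairings, window=10.0):
    """Return (time, bulb, hub, indicator) tuples for paired bulbs courted by a foreign hub.

    pairings maps each bulb to the hub it is legitimately connected to.
    Unpaired bulbs are ignored: answering discovery is normal while joining.
    """
    alerts = []
    replied_at = {}  # (bulb, foreign hub) -> time of the bulb's discovery reply
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "discovery_reply":
            bulb, hub = ev.src, ev.dst
            if bulb in pairings and hub != pairings[bulb]:
                replied_at[(bulb, hub)] = ev.t
                alerts.append((ev.t, bulb, hub, "FOREIGN_DISCOVERY_REPLY"))
        elif ev.kind == "auth_start":
            hub, bulb = ev.src, ev.dst
            t0 = replied_at.get((bulb, hub))
            if t0 is not None and ev.t - t0 <= window:
                alerts.append((ev.t, bulb, hub, "FOREIGN_AUTH_START"))
    return alerts

# Constructed sample capture: hub-A is the victim's hub, hub-X is unknown.
PAIRINGS = {"bulb-1": "hub-A"}
SAMPLE = [
    Event(0.0, "discovery_beacon", "hub-A", "broadcast"),
    Event(0.1, "discovery_reply", "bulb-1", "hub-A"),   # own hub: benign
    Event(5.0, "discovery_beacon", "hub-X", "broadcast"),
    Event(5.1, "discovery_reply", "bulb-1", "hub-X"),   # paired bulb answers a stranger
    Event(5.2, "discovery_reply", "bulb-2", "hub-X"),   # unpaired bulb: not flagged
    Event(6.0, "auth_start", "hub-X", "bulb-1"),        # authentication follows
    Event(40.0, "auth_start", "hub-X", "bulb-2"),
]

if __name__ == "__main__":
    for alert in find_hijack_indicators(SAMPLE, PAIRINGS):
        print(alert)
```

The first indicator alone shows the bulb is reachable by a foreign hub; the second, arriving within the window, is the stronger sign that a takeover is in progress.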
References
[1] Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Yan Liu, Jin Song Dong, and Zhenkai Liang. IEEE Transactions on Software Engineering, TSE 2019.
[2] HOMESCAN: Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Jin Song Dong, and Zhenkai Liang. 23rd International Conference on Engineering of Complex Computer Systems, ICECCS 2018, Melbourne, Australia, December 12-14, 2018.