This news comes from cybersecurity research firm Checkpoint, which published a blog post exposing the flaw. When this was originally pointed out several years ago, companies found a way to stop what was at the time a bulb-hopping attack. Checkpoint says that, while this fix was deployed at the time, the basic vulnerability in the Hue bulb is still there, and can still be used for mischief. [Read: You’re going to want this latest version of Firefox, trust us] To make this work, a hacker would have to take control of one bulb, then fiddle with its color and brightness enough to make the owner think something was wrong with it. The owner would have to delete, then “rediscover” the infected bulb on their app, at which point it would flood the control bridge with malware via a vulnerability in the device’s Zigbee protocol. From there, the hacker can infiltrate the home network to which the bridge is attached. Here’s how it looks in action: Double-check to make sure your Philips Hue Hub is updated to firmware version 1935144040. This is the patched version Philips released last month, and you can find out whether you have it by checking the “software update” part of the Hue app’s settings menu. Hopefully most of you Philips owners (and anyone else with a Zigbee-based device) get your updates automatically, and you’ll already have it by now. And if one of your Hue bulbs starts malfunctioning, flickering, etc… I don’t know, maybe throw it out a window, just to be safe?
