X10 Community Forum
💬General Category => General Discussion => Topic started by: dhouston on February 05, 2020, 12:37:10 PM
-
https://www.engadget.com/2020/02/05/philips-hue-signify-vulnerability/ (https://www.engadget.com/2020/02/05/philips-hue-signify-vulnerability/)
-
Yes. "researchers discovered that they could take control of a Hue light bulb and install malicious firmware."
I've often wondered to what lengths those researchers are willing to go... to find/create those vulnerabilities. There is good money in "discovering" otherwise undiscovered vulnerabilities in closed software code. Then selling solutions to the software owners. I've heard people joke about this being the new modern version of the "Black-hand Fire Insurance" of yesteryear. But... I don't know.
What I do know..... is no Hue light bulb user has ever had malicious code installed via a Hue light bulb.
-
To me, the article raises more concerns about Zigbee that Hue, seeing as the hackers use the Zigbee protocol to infect the home/business network...
-
...... seeing as the hackers use the......
What hackers? Where? This was a laboratory experiment. No one hacked anything. Generally these stories break only AFTER the code altering update has already been pushed.
-
To me, the article raises more concerns about Zigbee that Hue, seeing as the hackers use the Zigbee protocol to infect the home/business network...
ZigBee devices, by themselves, aren't exposed to the internet any more than X10 is but a cloud based controller would be and that's where the security has to be managed. https://courses.csail.mit.edu/6.857/2017/project/17.pdf
-
To me, the article raises more concerns about Zigbee that Hue, seeing as the hackers use the Zigbee protocol to infect the home/business network...
ZigBee devices, by themselves, aren't exposed to the internet any more than X10 is but a cloud based controller would be and that's where the security has to be managed. https://courses.csail.mit.edu/6.857/2017/project/17.pdf (https://courses.csail.mit.edu/6.857/2017/project/17.pdf)
Yes and no - Section 5.2 of the cited PDF quotes Zigbee saying the Philips Hue hack was due to... an internal implementation error made by Philips
rather than a flaw in the Zigbee standards.