Should you worry about the smart home device hack in the news this week?

Maybe.

If you pay any attention to smart home automation or general technology news, you could hardly have escaped seeing the numerous articles about the security flaw discovered in Philips Hue smart bulbs. However, in truth, this is based on the same vulnerability that was discovered four years ago by security researchers, which had been only partially addressed.

In the previous instance, the hackers had exploited a flaw in the low-power wireless smart device communication protocol enabling one compromised smart light bulb to topple the rest connected to a smart home hub as if they were so many dominoes. This chain-reaction vulnerability was addressed soon after it was found by updating the firmware in the bulbs. However, this new hack shows that it is still possible to infect a network through the smart bulbs.

Granted, this new hack relies on social engineering. By hacking into the smart bulb, the attacker is able to control the color, dimness setting, and power of the bulb. Most users of IoT devices have become accustomed to the tactic of removing a troublesome device from the smart home hub and then adding it back to the network. When the user does this, the malware is now able to access the hub directly.

You may be thinking, “So what? It’s a lightbulb.” The real risk comes from the fact that the smart home hub is on the home Wifi network with other devices in your home, such as your personal and work computers and your smart phone. Those other devices are now at risk.

Philips is a responsible company with a huge market share, and when the firm was made aware of the vulnerability, a firmware update was issued to patch it. But there are dozens of other manufacturers out there making smart bulbs. Who knows if those other companies have updated firmware for their products.

Of course, the larger problem is that it is not just smart bulbs that are potentially open to attack. Because the vulnerability is within the ZigBee communication protocol itself, countless other devices which use it may also be at risk of exploit. Common IoT devices that use the same protocol include Amazon Alexa, Samsung SmartThings, Belkin’s WeMo, Ikea’s Tradfi lighting, smart thermostats made by Honeywell and Yale’s smart locks.

What can a consumer do to combat this short of giving up the convenience and fun of your smart home lifestyle?

First, make sure all your IoT devices have up-to-date firmware. You can check this in the smart home app you use. Check for updates for all your devices, not just the smart bulbs. If it’s not on by default, turn on “update automatically” for each device so that your system will stay secure.  

Next, consider moving your smart home hub onto a separate WiFi network. Today’s routers are often capable of being configured to offer more than one network. Replace outdated routers so you can take advantage of this feature.

If you have used a professional installer, these considerations should have been taken for you. Not sure? Never hesitate to check with your company. A reputable professional will always be happy to answer your questions.

Call Zeus Integrated Systems to find out how we can bring the convenience and peace-of-mind of turn-key smart home automation into your life. 800.878.9705