Well, it's not extremely critical if a hacker actually manages to take control of my Philips Hue bulbs, but as a customer you can be a bit sad when you see how little creativity went into the security aspects of controlling the LED bulbs from Philips. It is not the case that one could get into the Hue central unit, called the Bridge, with the simplest means, but Philips would certainly be well advised to make a little more effort here in the future to protect the system from unauthorized access.
In practice, the hack that I found on Ars Technica works like this: a malicious JavaScript that is executed in the browser gives access to the WLAN of the person concerned. Once “inside”, the attacker scans the WLAN for iOS devices and copies their network MAC addresses. This hardware address is the only thing the Philips Bridge asks for as authentication. Anyone who, as a villain, presents the hardware address of an iOS device already known in the Bridge's WLAN can access all the lighting systems that the Bridge manages. In the video, however, the JavaScript is programmed in such a way that it repeatedly switches off the light.
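The weakness described above, modelled next to one hardened alternative. This is an added example, not code from Philips or from Nitesh Dhanjani's paper; the MAC value, the function and class names, and the `button_pressed` pairing flag are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data: MAC address of a phone already paired with the bridge.
PAIRED_MACS = {"a4:5e:60:00:00:01"}


def weak_authorize(claimed_mac: str) -> bool:
    """Model of the flaw: the credential is the MAC address itself.

    A MAC address is visible to every host on the same WLAN, so it
    identifies a device but cannot prove that the caller is that device.
    """
    return claimed_mac.lower() in PAIRED_MACS


class HardenedBridge:
    """Hypothetical fix: pairing issues a random secret; the MAC is only a label."""

    def __init__(self):
        self._tokens = {}  # device label -> secret token

    def pair(self, device_label: str, button_pressed: bool) -> str:
        # Assumption: pairing needs physical presence at the bridge.
        if not button_pressed:
            raise PermissionError("pairing requires physical access to the bridge")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[device_label] = token
        return token

    def authorize(self, device_label: str, presented: str) -> bool:
        expected = self._tokens.get(device_label)
        if expected is None:
            return False
        # Constant-time comparison so timing does not leak the token.
        return hmac.compare_digest(expected.encode(), presented.encode())

    def revoke(self, device_label: str) -> None:
        # A lost or replaced phone can be cut off without touching other devices.
        self._tokens.pop(device_label, None)
```

With the hardened variant, knowing a paired device's MAC address is no longer enough, and each device's access can be revoked individually.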
The hacker who discovered this also published a PDF that goes into the technical details. Those who are interested should visit the website of Nitesh Dhanjani.
If you want to see the whole thing in practice, you will find a suitable video here called “Hacking Lightbulbs” on YouTube:
Jens has been running the blog since 2012. He acts as Sir Apfelot for his readers and helps them with technical problems. In his spare time he rides electric unicycles, takes photos (preferably with the iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions to current bugs.