Lights off, lights on: this is how you hack the Philips Hue light control

Hack Philips Hue
Hack Philips Hue

The hack of the Philips Hue system is technically possible, but not that easy.

Well, it's not an extremely precarious thing if a hacker actually manages to take control of my Philips Hue bulbs, but as a customer you can be a bit sad when you see how little creative the security aspects are when controlling the LED bulbs from Philips were addressed. It is not the case that one would get into the Hue central unit called Bridge with the simplest means, but it is certainly advisable for Philips to do a little more effort here in the future to protect the system from unauthorized access.

The hack instructions on Youtube ...

In practice, the hack that I found on ArsTechnika works in such a way that you gain access to the affected person's WLAN via a malicious Javascript that is executed in the browser. Once you are "inside", you scan the WLAN for iOS devices and copy their network Mac address. This hardware address is the only thing the Philips Bridge requires for authentication. If you, as the villain in the bridge's WLAN, mistake the hardware address of a known iOS device, you can access all of the lighting systems that the bridge manages. In the video, however, the Javascript is programmed in such a way that it repeatedly switches off the light.

Inset - more interesting posts on the blog:

The hacker who found out also published a PDF that goes into the technical details. Those who are interested should visit the Read the website of Nitesh Dhanjani.

If you want to see the whole thing in practice, you will find a suitable video called "Hacking Lightbulbs" on YouTube:

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * marked