Philips Lighting Rebut Media Claims of Hue Bulbs Virus Infection

Recent tech media reports highlighted Philips Hue bulbs vulnerabilities that could be exposed by hackers, which could override lighting controls using computer viruses.

In response to the claims, Philips issued a statement clarifying its smart LED bulb Philips Hue and its family of products were not infected by a computer virus.

An Israeli research team headed by Professor Adi Shamir of Weizmann Institute of Science explored some of the potential cybersecurity vulnerabilities of the Hue bulbs, and publicized their findings in a research report.

Philps Hue LED bulbs security vulnerabilities were tested by Israeli research team headed by Professor Adi Shamir of Weizmann Institute of Science. (Photo courtesy of Philips)

The research team informed Philips about their findings, and the Philips had patched the Hue bulb firmware before the report was publicized.

“At no time was a virus created or used to infect any Philips Hue products,” stated Philips. The researchers had demonstrated possibility of conducting an attack on Philips Hue bulbs so that the company could have developed the patch ware to upgrade the security of the bulbs.

The company urged customers that had purchased the bulbs to update their software via the Philips Hue app, even though the assessed risk was low.

Weizmann Institute of Science PHD students Eyal Ronen and Colin O’Flynn, who worked on the study with Professor Adi Shamir, released their findings on how Philips Hue bulbs connectivity could be hacked by the built-in ZigBee wireless connectivity.

The hacker could launch the attack through a single infected bulb allowing the virus to spread within minutes between lamps and neighboring bulbs via the wireless ZigBee connectivity systems, due to its physical proximity which could allow the virus to spread within minutes.

The attacker can then control the city lights by switching it on or off, permanently brick the bulbs or exploit it to massive DDOS attack. The researchers estimated a city the size of Paris, which has an area of about 105 square kilometers, it would take at least 15,000 smart LED bulbs to keep up the infected bulbs chain reaction, but the process would die down if the city had fewer lights than that.

The study showed how a city-wide bricking attack could be used by hackers to blackout the city, and cause lights to constantly flicker. In a bricking attack the malicious firmware disables additional firmware downwards, which would make any impact from the worm permanent, with no reversible reprogramming methods.

Wireless network jamming could also be implemented to prevent the IEEE 802.15.4 standard which ZigBee runs over uses the 2.4GHz ISM (Industrial, Scientific, Medical) license-free band. Other potential outcomes include attacking the electric grid by causing sudden surges and sharp declines in power consumption, or even causing large scale epileptic seizures in photosensitive people by causing intense flashing and strobing. The researchers also demonstrated how the cyberattack could be carried out using a drone.

Despite Philips statement and the research team’s full disclosure of the status of the Philips Hue Bulbs, a report from Motherboard cited Ronen revealing Philips only patched the bug that allowed the researchers to remotely takeover the bulbs, but malicious updates could still be created and in theory spread the bulbs by infecting one smart light bulb that is in close proximity with others.

Disclaimers of Warranties
1. The website does not warrant the following:
1.1 The services from the website meets your requirement;
1.2 The accuracy, completeness, or timeliness of the service;
1.3 The accuracy, reliability of conclusions drawn from using the service;
1.4 The accuracy, completeness, or timeliness, or security of any information that you download from the website
2. The services provided by the website is intended for your reference only. The website shall be not be responsible for investment decisions, damages, or other losses resulting from use of the website or the information contained therein<
Proprietary Rights
You may not reproduce, modify, create derivative works from, display, perform, publish, distribute, disseminate, broadcast or circulate to any third party, any materials contained on the services without the express prior written consent of the website or its legal owner.

Cree LED J Series® 2835 LEDs are optimized to deliver the best value with high efficacy to low-density, indoor lighting applications, such as downlights, troffers and panel lights. Pro9™ version LEDs deliver up to 24% higher efficacy... READ MORE

OSIRE® E3731i intelligent RGB LED enables creation of dynamic color and motion effects across hundreds of LEDs The intelligent RGBi uses a new and license-free Open System Protocol for communication with any microcontroller Combina... READ MORE