ZigBee Alliance Responds to Philips Hue Bulb Hack Reports

The ZigBee Alliance is in continuous communication with its member companies to develop and maintain its suite of market-relevant standards for the IoT. The Alliance is aware of the issues raised in the Weizmann Institute / Dalhousie University report referenced in multiple press articles this week.

The weakness described in this report is not in any of the ZigBee standards.

In this instance, there was a software bug in the implementation from one silicon provider. It is not a ZigBee protocol issue – but rather an internal implementation issue. Like many technology platforms, such as smartphones and our daily computing devices, there’s a constant need to keep software current and check for updates to ensure the security of devices and system solutions. The attack here leveraged an internal interface vulnerability, and as such is not applicable in an entire ecosystem or product suite.

A woman uses voice command features in her smartphone to switch on Philips Hue bulbs at home. (Photo courtesy of Philips)

The problem in this specific smart bulb scenario has since been resolved and rolled out to all customers of that stack supplier. We also understand that Philips Hue, which uses third-party software components from this particular stack supplier for part of their portfolio, has implemented the patch and already rolled out the firmware to all devices in the field. No changes to the ZigBee standard are warranted.

The ZigBee Alliance and its members take security very seriously. Our members develop standards and protocols to strike the appropriate balance between ease of use and secure interaction of devices to afford the greatest ‘smart’ functionality with essential security measures in place. There are many layers in a software implementation that work behind the scenes to drive the behavior of products and solutions. Members earn the ZigBee Certified designation, which verifies that their platform and product meets Alliance requirements and performs over-the-air transfers as expected. From there, manufacturers have many implementation choices before bringing their products to market.

ZigBee technology is created and implemented by many of the most successful companies in the world, all of which have access to the latest security schemes. Members of ZigBee Alliance technical working groups actively review the ZigBee security framework as well as industry best practices, and therefore welcome this type of analysis as an open standards community.

We’ll continue to work closely with our members to ensure all the functionality available to them in our existing set of standards and security measures is used to its full effect to deliver a secure and encouraging IoT experience. We’ll also continue to help the market understand the many moving parts, requirements and criticalities of wireless networking in the emerging world of the Internet of Things.

Disclaimers of Warranties
1. The website does not warrant the following:
1.1 The services from the website meets your requirement;
1.2 The accuracy, completeness, or timeliness of the service;
1.3 The accuracy, reliability of conclusions drawn from using the service;
1.4 The accuracy, completeness, or timeliness, or security of any information that you download from the website
2. The services provided by the website is intended for your reference only. The website shall be not be responsible for investment decisions, damages, or other losses resulting from use of the website or the information contained therein<
Proprietary Rights
You may not reproduce, modify, create derivative works from, display, perform, publish, distribute, disseminate, broadcast or circulate to any third party, any materials contained on the services without the express prior written consent of the website or its legal owner.

Natural colour rendering of Optisolis™ LEDs lets visitors experience artwork as the artist intended without degrading the work. Tokushima, Japan – 23 July 2019: Nichia Corporation, the leader in high brightness LED technologies, an... READ MORE

TSLC Corporation, a subsidiary of SemiLEDs, launched sampling of its tri-color Mini LED series, targeted to provide LED display manufacturers with surface-mounting (SMT) compatible devices. The first product in the tri-color multi pixel series... READ MORE