YouTube/Signify
- A vulnerability in some smart home devices makes it possible for hackers to take control of people's laptops by attacking those devices, according to security firm Check Point.
- The vulnerability affects all smart home devices that use the Zigbee protocol, including Philips Hue Smart Light Bulbs and Amazon Echo.
- Philips Hue has listed the risk as "high" severity and is urging users to update their devices to install a patch.
- Visit Business Insider's homepage for more stories.
Security researchers have discovered a vulnerability affecting connected home devices that allows hackers to take control of peoples' computers by attacking their smart devices.
The vulnerability affects any connected devices that use a network called the Zigbee protocol, including Philips Hue Smart Light Bulbs and Amazon Echo, according to a new report from security firm Check Point.
Check Point has shared its findings with Philips Hue, which has confirmed the vulnerability and listed it as "high" severity. The company has issued a patch, and is urging all users to install the latest software update to protect against potential hacks. Philips does not automatically update devices, even in cases of "high" severity, unless customers opt in to automatic updates. The company said it urges Philips Hue owners to enable automatic updates.
While Check Point demonstrated that Philips Hue devices are vulnerable, it's not clear whether the exploit can be replicated for all connected devices. Amazon, Apple, and Google recently reached an agreement that all their smart home devices would use the same protocol, known as the Zigbee protocol, to connect.
An Amazon spokesperson told Business Insider that the company is investigating whether its devices are vulnerable.
"Customer trust is important to us and we take the security of our devices seriously. We are reviewing this research to determine any impact on our devices," the Amazon spokesperson said.
The vulnerability allows hackers to access people's home computer networks using an over-the-air attack. Equipped with a laptop and antenna, attackers could take control of victims' computers by compromising the hub that connects their smart devices.
"Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly 'dumb' devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware," Check Point head of cyber research Yaniv Balmas said in a statement.
Philips Hue head of technology George Yianni said in a statement that the company is committed to protecting users' privacy and safety.
"We are thankful for responsible disclosure and collaboration from Checkpoint, it has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk," Yianni said.