News

Signify closes security vulnerability in Philips Hue Bridge 2.0

By admin
Spread the love

Signify has released a firmware update for the Bridge 2.0 of Philips Hue lighting. A research company outlines a scenario of how a network could be penetrated through the vulnerability.

Firmware version 1935144040 for the Philips Hue Bridge 2.0 was already provided last month without further explanation, but security company Check Point now reports that with the release at least one vulnerability has been fixed.

Check Point demonstrates with a proof-of-concept how the vulnerability can be exploited. An attacker can take control of a Hue lamp to trick the user into thinking that a reset is needed. After removing the lamp from the app and adding it again, the lamp with updated firmware allows the attacker to perform a heap-based buffer overflow attack via ZigBee protocol on the Philips Hue Bridge 2.0.

Thanks to the vulnerability, it is possible to install malware on the bridge with this attack. This could allow the attacker to further exploit any vulnerabilities within a network to gain access. Check Point mentions as an example, already patched, EternalBlue leak in Windows.

Check Point reported its findings to Signify in November last year. The vulnerability has been given the identifier CVE-2020-6007.

You might also like
News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting

News

Microsoft releases new font for Word, Outlook, PowerPoint and Excel

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

Statcounter: Linux had more than three percent desktop market share for the first…