The bug is being tracked as CVE-2020-6007 and scores an impressive 7.9 out of 10, making it the most serious security flaw in a light bulb we’ve ever seen.
It sounds funny. After all, who would want to hack a light bulb? But it’s actually got serious implications. After all, the light bulb is just the beginning. Once hackers are ‘in’ the bulb, it gives them a beach head on the network that the bulb is attached to, and from there, they can jump to any other device they can see.
Fortunately, Philips has already published a fix for this, in the form of firmware version 1935144040. If you own one or more Philips Hue bulbs, you’ll want to check the firmware version. If yours has not already been updated, take the time to do so.
This underscores the one glaring weakness of the Internet of Things. Very few of the smart products we’re connecting to our networks have any security at all. The few devices that do boast some kind of security often have flaws like the one discovered here, which are severe enough to be considered crippling.
The net effect is to make any network that incorporates smart devices much less secure. After all, your network is only as secure as the weakest device on it, and smart devices have notoriously bad security.
That’s changing, but it’s changing at an incredibly slow rate. If you’ve got smart devices on your network, consider isolating them and minimizing the amount of contact they have with other devices on your network. That way, at least you can mitigate the impact until security improves.