
Use Philips Hue bulbs? Upgrade your firmware to protect against a newly found flaw

A newly found vulnerability could let a hacker inject malware into homes that use Philips Hue bulbs. A patch that eliminates the threat is available now.

Ry Crist Senior Editor / Reviews - Labs

Zigbee is one of the wireless protocols that smart home devices commonly use to talk to each other. Now, a new report from the security research firm Check Point details a vulnerability with those Zigbee transmissions that could allow a hacker armed with little more than a laptop into your home network from as far as 100 meters away.

The attack in question exploits the signals sent between Philips Hue smart bulbs, one of a number of high-profile smart home devices that communicate via Zigbee. A hacker with a laptop and a Zigbee antenna tricks the system into kicking a bulb off of the network, then implants that bulb with malicious code. If the user deletes the suddenly unresponsive bulb from the Hue app and attempts to re-pair with it, they'll spread that malware from the bulb to their Hue Bridge, the central Philips Hue control device which you wire to your router. That's not good.

Check Point, which sent its findings to Signify, the owner of the Philips Hue brand, plans to release a full report on the vulnerability once manufacturers have had time to issue a patch for it. Signify has a firmware fix ready to go today, so Philips Hue users will want to be sure to download and install it from the settings section of the Hue app.

"We are committed to protecting our users' privacy and do everything to make our products safe," says George Yianni, Head of Technology Philips Hue. "We are thankful for responsible disclosure and collaboration from Check Point -- it has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk."

Along with Philips Hue, other popular smart home devices that use Zigbee include the Amazon Echo Plus, the Samsung SmartThings system, Sengled smart lights, and smart locks from Yale.