2013-08-14

An Easy Exploit Could Leave Philips Hue "Smart Light" Owners In The Dark

Philips' popular smart lighting tech can be easily hacked, so a stranger could control your home's lights.



Yet another smart home system is under attack. According to a report by TheRegister.com, the Philips Hue "smart lighting" system ships with an extremely simple digital vulnerability at the point where the lights connect to a user's mobile device. An investigator has revealed that anyone with the right Philips app could control another system's lighting, provided they had access to the right information.

That information is the system's MAC address, the static ID of a net-connected device. Unfortunately, most hackers can find out MAC addresses relatively easily simply by sniffing the Wi-Fi signals coming from the home of a Vue owner. It's not a simple "click a button" hack, but it's not difficult to achieve.

The exploit isn't particularly dangerous or troublesome, as it seems unlikely to compromise safety or reveal any private user data. But the vulnerability does raise the possibility that a malicious hacker could upset a home's residents by toying with their lighting, and potentially run up expensive electricity bills by running the lights without the knowledge of the owner.

A similarly unexpected exploit of a home automation system was recently revealed when hackers found they could remotely control some systems of a smart toilet. For now, these hacks are more or less frivolous, but they do expose weak security expertise on behalf of the manufacturers...and as domotics become more popular and the Internet of Things sees everything from your TV to your electricity meter wired up, then more dangerous hacks will likely hit the headlines.

[Image: Flickr user Eric Wüstenhagen]