The Lightbulb Worm - A Debriefing on Philips Hue Attacks

Presented at REcon 2017, June 17, 2017, 2 p.m. (60 minutes)

The Philips Hue is one of the most popular smart light systems. Despite the apparent simplicity of these devices, it turns out they have a variety of interesting attacks possible, including the ability to launch a self-spreading “worm” that goes between connected lights directly (without need to talk over internet or other methods). This talk is a combination of technical details of how Eyal & Colin were able to break a completely encrypted firmware update mechanism to accomplish that, along with various interesting asides on specifics of the Philips Hue system and how one can build custom firmware for off-the-shelf bulbs. As the new generation of IoT devices ship with improved security, this talk demonstrates that there may still lurk attack vectors waiting to be exploited by dedicated attackers.



Similar Presentations: