<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

Zigbee IoT Vulnerabilities Let the Side Down... AGAIN

Topics: IoT, Vulnerability, Vulnerability Management

Posted: 09 March 2020


Recent research carried out by Check Point white hats has exposed a vulnerability in the Philips Hue lighting system, which utilises the Zigbee wireless protocol, and could compromise both home and corporate networks.

The Zigbee protocol is a hardware and software standard designed for WSN (Wireless sensor network). It is widely used in Smart meters and IoT devices due to its low power requirements, high reliability, and low cost.

However, the protocol has a whole host of vulnerabilities that have been well documented and are easily executed. A simple Google search of “how to hack Zigbee” throws up a wide range of 'how to' videos on the subject!

[You may also be interested to read "The Top 5 Cloud Security Challenges Haunting Every IT Manager"]

What is the vulnerability?


So, it comes as no surprise that the latest vulnerability, CVE-202-6007, relies on flaws within the Zigbee protocol, and a bug within the Philips Hue system for its execution. Researchers at Checkpoint have found a way to exploit a bug in the Philips Hue personal wireless lighting system which allows them to take control of the systems control bridge and attack the connected IP network.

To execute the attack, a hacker needs to first deploy malicious firmware to one of the connected bulbs over a Zigbee wireless connection. Once the firmware is deployed the hacker tricks the user into thinking that one of the bulbs is faulty and unreachable, and the user will usually try to re-establish connectivity with the bulb by carrying out the reset steps. This entails deleting it from the control bridge and re-adding it.

Once the bulb with the malicious firmware has been re-added to the control bridge, a heap-based buffer overflow is carried out via the Zigbee wireless connection, which hits the control bridge with high volumes of data. Whilst the heap-based buffer overflow is being carried out, the hacker will install malware on the bridge device that is connected to the LAN. When the malware is in place, it connects back to the hacker using a known exploit such as EternalBlue, which then enables the hacker to target the IP network from the control bridge. 

[You may also like "What are AS4 File Transfers and Why are they so Important"]


What does this mean for IoT security?


Now, clearly the above exploit has a reliance on both flaws in the Philips Hue platform and the Zigbee protocol for it to be executed. Since Checkpoint disclosed the bug to Philips back in November 2019, a firmware update has addressed the bug in the Hue system, but no such fix or amendment has been forthcoming for the Zigbee protocol. This leaves a whole host IoT devices exposed to similar exploits until the protocol is amended. That being said, there doesn’t seem to be an amendment happening anytime soon, especially when you consider that not much has chanced since the flaws in the protocol were first identified back in 2015! 

If you're concerned about managing vulnerabilities on your network, including on IoT devices, get in touch with us today.


Data Protection for Life GDPR Data Processing

Infinigate UK
Posted by: Infinigate UK
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts