Zigbee IoT Vulnerabilities Let the Side Down… AGAIN

Recent research carried out by Check Point white hats has exposed a vulnerability in the Philips Hue lighting system, which utilises the Zigbee wireless protocol, and could compromise both home and corporate networks.

The Zigbee protocol is a hardware and software standard designed for WSN (Wireless sensor network). It is widely used in Smart meters and IoT devices due to its low power requirements, high reliability, and low cost.

However, the protocol has a whole host of vulnerabilities that have been well documented and are easily executed. A simple Google search of “how to hack Zigbee” throws up a wide range of ‘how to’ videos on the subject!

[You may also be interested to read “The Top 5 Cloud Security Challenges Haunting Every IT Manager”]

What is the vulnerability?

So, it comes as no surprise that the latest vulnerability, CVE-202-6007, relies on flaws within the Zigbee protocol, and a bug within the Philips Hue system for its execution. Researchers at Checkpoint have found a way to exploit a bug in the Philips Hue personal wireless lighting system which allows them to take control of the systems control bridge and attack the connected IP network.

To execute the attack, a hacker needs to first deploy malicious firmware to one of the connected bulbs over a Zigbee wireless connection. Once the firmware is deployed the hacker tricks the user into thinking that one of the bulbs is faulty and unreachable, and the user will usually try to re-establish connectivity with the bulb by carrying out the reset steps. This entails deleting it from the control bridge and re-adding it.

Once the bulb with the malicious firmware has been re-added to the control bridge, a heap-based buffer overflow is carried out via the Zigbee wireless connection, which hits the control bridge with high volumes of data. Whilst the heap-based buffer overflow is being carried out, the hacker will install malware on the bridge device that is connected to the LAN. When the malware is in place, it connects back to the hacker using a known exploit such as EternalBlue, which then enables the hacker to target the IP network from the control bridge.

[You may also like “What are AS4 File Transfers and Why are they so Important“]


What does this mean for IoT security?

Now, clearly the above exploit has a reliance on both flaws in the Philips Hue platform and the Zigbee protocol for it to be executed. Since Checkpoint disclosed the bug to Philips back in November 2019, a firmware update has addressed the bug in the Hue system, but no such fix or amendment has been forthcoming for the Zigbee protocol. This leaves a whole host IoT devices exposed to similar exploits until the protocol is amended. That being said, there doesn’t seem to be an amendment happening anytime soon, especially when you consider that not much has chanced since the flaws in the protocol were first identified back in 2015!

If you’re concerned about managing vulnerabilities on your network, including on IoT devices, get in touch with us today.