Signify, owner of the Philips Hue brand, said that the vulnerabilities in smart lighting, as recently reported by Checkpoint Security, were disclosed to the company back in November 2019 and were patched soon after.
The full attack requires proximity, social engineering, and relies on a loophole that was found in 2017 and has been patched for several years, the company revealed in a statement to ANI.
Signify further said that novel CheckPoint vulnerability gives a possibility to attack the Philips Hue bridge via a compromised bulb; an issue that was patched before the findings were publicly disclosed. Users are recommended to ensure their Philips hue products have been updated to the latest software version.
Earlier this week, CheckPoint researchers disclosed the flaw that could have allowed hackers to take control of a Hue lightbulb on a target network and install malicious firmware on it. The compromised light bulb could then be used as a platform to take over its control bridge and attack the target network to spread spyware or ransomware.