Researchers found that business and home networks could be hacked through smart bulbs
Check Point’s researchers found that potential threats could exploit IoT networks (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks of various sizes.
IoT or the internet of things is how we have smart homes and other connected infrastructure. Smart bulbs for example use the ZigBee WiFi Protocol and while they are low bandwidth radio protocols and appear to be relatively harmless, researchers found that it is possible for attackers to infiltrate networks through smart home peripherals.
Check Point’s researchers specifically focused on Philps's Hue smart bulbs and bridge, and found vulnerabilities that would allow them to infiltrate networks remotely by exploiting the ZigBee protocol. They were then able to take control of a Hue lightbulb on a target network and install malicious firmware on it.
From that point, they used the lightbulb as a platform to take over the bulbs’ control bridge, and attacked the target network and if the unuaware user tried to reconnect the bulb via the bridge, the firmware would get installed on the bridge which is directly connected to the network allowing the hacker to get full access to the network with the exploit called EternalBlue.
Thankfully, Check point disclosed the vulnerability to Philips and Signify and the company has issued a patch to fix the security hole, so its advised to update your smart bulbs as soon as possible.