A Philips Hue flaw could potentially allow hackers to take control of individual bulbs, and possibly any PCs connected to it.
The vulnerability allows hackers to switch bulbs on and off, and also control the colour and brightness of the bulbs. The hackers can do this remotely through a laptop or a radio transmitter.
Security researchers at Check Point discovered the vulnerability and have uploaded a video to demonstrate how hackers could potentially exploit the flaw.
The researchers have also found a way that the attack could escalate from a single bulb to the entire network. First, an attacker would use the original flaw to get control of one bulb, during which the user would become aware of the random behaviour and lose control of the bulb themselves.
Next, the user would likely delete the bulb and scan it again to re-add it. However, by re-adding the bulb, the user gives the malware in the bulb access to the Hue bridge. From there, it has the ability to spread to connect PCs.
Users are advised to check the Hue app for the new update and to install it right away to avoid any problems.