Bug in Philips Smart Light Allows Hopping to Devices on the Network (Feb 5, 2020)
Researchers at Check Point have discovered a vulnerability, tracked as CVE-2020-6007, in the ZigBee wireless communication protocol used by smart home devices. The vulnerability is a heap buffer overflow in Philips Hue Bridge model 2.x that can be exploited remotely. The researchers point out that actors can use known exploits, such as EternalBlue, to move laterally to other systems on the network, then deploy further malware. This vulnerability has been patched in firmware version 1935144040, so users who have updated are fine. Customers of these devices are encouraged to apply automatic updates.
Recommendation: If the device is IoT, it is recommended that it is placed behind a firewall or network address translation and placed within a Virtual Local Area Network (VLAN). Change the default password of IoT devices such as routers and printers to something that is difficult for threat actors to guess, but memorable for you. Anything that faces the internet can be vulnerable to threat actors, and as this story illustrates, malware can evolve extremely quickly so it is crucial to stay up-to-date with security patches and updates.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.