First the lightbulb. Then the controller. Then your internal network.
Researchers at Check Point have demonstrated how to infect a network with malware via a simple IoT device, a Philips Hue smart lightbulb. This is an exercise in escalation. There are a couple of vulnerabilities involved. One is CVE-2020-6007, a buffer overflow in the Philips Hue Bridge controller firmware, in the part of the software that adds new devices to the controller. The other is based on 2016 research on how to persuade a Hue lightbulb to change its affinity from one controller t...