By: Colin O'Flynn, Eyal Ronen

Scheduled on: June 17 at 14:00

The Philips Hue is one of the most popular smart light systems. Despite the apparent simplicity of these devices, it turns out they have a variety of interesting attacks possible, including the ability to launch a self-spreading “worm” that goes between connected lights directly (without need to talk over internet or other methods). This talk is a combination of technical details of how Eyal & Colin were able to break a completely encrypted firmware update mechanism to accomplish that, along with various interesting asides on specifics of the Philips Hue system and how one can build custom firmware for off-the-shelf bulbs. As the new generation of IoT devices ship with improved security, this talk demonstrates that there may still lurk attack vectors waiting to be exploited by dedicated attackers.