
The wireless radio used in Philips Hue light bulbs is vulnerable to hackers

By Stacey Higginbotham
August 7, 2015, 6:06 PM ET

The popular wireless mesh networking protocol used in many connected home devices, including the Philips Hue light bulbs, has been shown to be vulnerable to intrusion. Researchers from Cognosec presented a paper at the Black Hat security conference showing that the way the ZigBee wireless protocol authenticates devices in its mesh network leaves it open to attack, despite the protocol’s use of high-quality security.

To be clear, this is not a weakness in ZigBee or the Hue light bulbs, but a weakness in the way that ZigBee is commonly implemented that can be exploited. The main area of vulnerability is around how the ZigBee protocol handles the keys it uses to authenticate the devices it adds to its mesh network. There are a few ways people can take advantage of it, but most boil down to not adding costs to the end product or not inconveniencing the end user or the manufacturer.

For example, the primary issue is that if manufacturers of ZigBee devices use the default settings to exchange secure keys among other devices in the ZigBee network, it introduces a weakness. It’s the equivalent of manufacturers using “password” as their password for exchanging these keys. Another manufacturing problem is using low-end radios that aren’t tamper-proof for the “dumb” devices in the network such as sensors.

If someone steals one of these nodes, they can mess with the radio and then steal the keys to get onto your ZigBee network. One way to avoid this is to put a high-end radio on the device that shuts down if it detects that it is being tampered with.

Other weaknesses Cognosec noticed included a tendency for manufacturers to rely on the same key authentication for devices once they are on the network, which is actually a huge kindness to users since retyping a key on a device or re-authenticating on a network would be a huge pain post-installation of a new connected light bulb or door lock. Believe me, once you put these types of things in your home, you don’t want them asking you for more interactions.

And that’s one huge challenge of securing the internet of things. The end user is not interested or necessarily capable of handling the demands that connected devices will require in the form of security. So while it’s nice to tell people to change their password and keep devices updated, many will not. And that gets into the second problem with securing the internet of things—most manufacturers still aren’t willing to take responsibility for security.

Many of the new connected products are designed by startups, some of which are taking steps such as hiring security firms to test their products, or thinking about security from the initial design. However, others are ignoring even common-sense measures such as not storing everyone’s passwords in the same database behind a single password or trusting the physical security of a home security hub to the contract manufacturing firm that is making it. Slowly, the larger companies supplying those startups, such as the chip firms and wireless radio standard consortia, are trying to help make security better by creating products and standardized tools that startups can use easily to make their products more secure.

But not everyone is ready to talk about the role of the larger companies yet. I asked Mike McNamara, the CEO of Flextronics, the company that helps make many of these connected devices from the FitBits to the Wink home hub (which has had several security SNAFUs) about the role bigger firms such as his had to play in helping the connected device industry become more secure at our Brainstorm Tech event in July. He dodged the question utterly. That’s a shame, because he’s in a unique role to influence security and even enforce standards that could really push connected devices forward.

The industry needs to start working on ways to connect these devices securely and easily. And when things go wrong, as they often do, it needs to be able to alert users that their security has been compromised quickly and document what happened. Even today companies have a hard time with this, often noticing that something has happened in their networks, but they are unable to tell which users were affected or what hackers have done. As we attach medical devices, cars, manufacturing infrastructure and other sensitive assets to the Internet, having an understanding of an intrusion and then documentation of what the intruder did and if they still have access will be essential.

Consumers aren’t going to be able to do that. That’s something that needs to be designed in and managed on an ongoing basis. And yes, that will add costs, but it’s just the price we’re going to have to pay to live in a connected world. If that adds a few dollars to my ZigBee locks, that’s worth it.
