• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii

3

Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii

3

Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
Techsmart home

The wireless radio used in Philips Hue light bulbs is vulnerable to hackers

By
Stacey Higginbotham
Stacey Higginbotham
Down Arrow Button Icon
By
Stacey Higginbotham
Stacey Higginbotham
Down Arrow Button Icon
August 7, 2015, 6:06 PM ET
Philips Hue Smart lightbulbs
handoutPhoto: Courtesy of Philips
Add Fortune on Google for similar content.

The popular wireless mesh networking protocol used in many connected home devices including the Philips Hue light bulbs has been shown to be vulnerable to intrusion. Researchers from Cognosec, presented a paper at the Black Hat security conference showing that the way the ZigBee wireless protocol authenticates devices in its mesh network leaves it open to attack, despite the protocol’s use of high quality security.

To be clear, this is not a weakness in ZigBee or the Hue light bulbs, but a weakness in the way that ZigBee is commonly implemented that can be exploited. The main area of vulnerability is around how the ZigBee protocol handles the keys it uses to authenticate the devices it adds to its mesh network. There are a few ways people can take advantage of it, but most boil down to not adding costs to the end product or not inconveniencing the end user or the manufacturer.

For example, the primary issue is that if manufactures of ZigBee devices use the default settings to exchange secure keys among other devices in the ZigBee network, it introduces a weakness. It’s the equivalent of manufacturers using “password” as their password for exchanging these keys. Another manufacturing problem is using low-end radios that aren’t tamper proof for the “dumb” devices in the network such as sensors.

If someone steals one of these nodes they can mess with the radio and then steal the keys to get onto your ZigBee network. One way to avoid this is to put a high-end radio on the device that shuts down if it detects that it is being tampered with.

Other weaknesses Cognosec noticed included a tendency for manufacturers to reply on the same key authentication for devices once they are on the network, which is actually a huge kindness to users since retyping in a key on a device or re-authenticating on a network would be a huge pain post-installation of a new connected light bulb or door lock. Believe me, once you put these types of things in your home, you don’t want them asking you for more interactions.

And that’s one huge challenge of securing the internet of things. The end user is not interested or necessarily capable of handling the demands that connected devices will require in the form of security. So while it’s nice to tell people to change their password and keep devices updated, many will not. And that gets into the second problem with securing the internet of things—most manufacturers still aren’t willing to take responsibility for security.

Many of the new connected products are designed by startups, some of which are taking steps such as hiring security firms to test their products, or thinking about security from the initial design. However, others are ignoring even common sense measures such as not storing everyone’s passwords in the same database behind a single password or trusting the physical security of a home security hub to the contract manufacturing firm that is making it. Slowly, the larger companies supplying those startups such as the chip firms and wireless radio standard consortia are trying to help make security better by creating products and standardized tools that startups can use easily to make their products more secure.

But not everyone is ready to talk about the role of the larger companies yet. I asked Mike McNamara, the CEO of Flextronics, the company that helps make many of these connected devices from the FitBits to the Wink home hub (which has had several security SNAFUs) about the role bigger firms such as his had to play in helping the connected device industry become more secure at our Brainstorm Tech event in July. He dodged the question utterly. That’s a shame, because he’s in a unique role to influence security and even enforce standards that could really push connected devices forward.

The industry needs to start working on ways to connect these devices securely and easily. And when things go wrong, as they often do, it needs to be able to alert users that their security has been compromised quickly and document what happened. Even today companies have a hard time with this, often noticing that something has happened in their networks, but they are unable to tell which users were affected or what hackers have done. As we attach medical devices, cars, manufacturing infrastructure and other sensitive assets to the Internet, having an understanding of an intrusion and then documentation of what the intruder did and if they still have access will be essential.

Consumers aren’t going to be able to do that. That’s something that needs to be designed in and managed on an ongoing basis. And yes, that will add costs, but it’s just the price we’re going to have to pay to live in a connected world. If that adds a few dollars to my ZigBee locks, that’s worth it.

About the Author
By Stacey Higginbotham
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

Michael Burry just shorted Caterpillar’s 172% AI rally. One analyst says his bet won’t even matter
Investingstock prices
Michael Burry just shorted Caterpillar’s 172% AI rally. One analyst says his bet won’t even matter
By Marco Quiroz-GutierrezJuly 2, 2026
10 hours ago
U.S. Treasury Secretary Scott Bessent
EconomyDebt
AI’s $2.2 trillion deficit fix is already half fake, economists say
By Tristan BoveJuly 2, 2026
11 hours ago
Anthropic CEO Dario Amodei
AIEye on AI
Anthropic’s Fable model is back. But U.S. AI policy is still a mess
By Jeremy KahnJuly 2, 2026
12 hours ago
ai
North AmericaImmigration
Trump’s $46 billion ‘smart wall’ with Mexico bets on AI and scale
By Rebecca Santana and The Associated PressJuly 2, 2026
13 hours ago
sk
AISouth Korea
AI “grief videos” turn mourning into a $390 service in South Korea
By Hyung-Jin Kim and The Associated PressJuly 2, 2026
13 hours ago
Securitize CEO Carlos Domingo looks to the far right during a conference.
CryptoBlockchain
Securitize is latest crypto company to go public as BlackRock-backed firm sees stock jump 3% on debut
By Camila Grigera NaónJuly 2, 2026
13 hours ago

Most Popular

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
2 days ago
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
Success
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
By Sasha RogelbergJuly 2, 2026
13 hours ago
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
Success
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
By Orianna Rosa RoyleJuly 2, 2026
23 hours ago
Americans are escaping the U.S. for New Zealand where house prices have hit a new low—but only wealthy Americans with $3 million spare can invest
Success
Americans are escaping the U.S. for New Zealand where house prices have hit a new low—but only wealthy Americans with $3 million spare can invest
By Emma BurleighJuly 2, 2026
15 hours ago
Current price of oil as of July 2, 2026
Personal Finance
Current price of oil as of July 2, 2026
By Joseph HostetlerJuly 2, 2026
17 hours ago
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
8 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.