"Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast"

Researchers demonstrated how an attacker could take control of light bulbs in the Ikea Tradfri smart lighting system, eventually turning them all the way up to full brightness. Users cannot turn them off using the app or the remote control during this attack. Synopsys CyRC cybersecurity analysts discovered that by repeatedly sending the same malformed Zigbee frame (IEEE 802.15.4), a threat actor could exploit two vulnerabilities in the Ikea Tradfri smart lighting system. According to the Synopsys report, the malformed Zigbee frame is an unauthenticated broadcast message, which means that all vulnerable devices within radio range are affected. The result of the Internet of Things (IoT) security flaw is a lighting system factory reset in which the user loses control over their bulbs via both the Ikea Smart Home application and the companion Tradfri remote control. It begins with a flicker and then permanently turns on the lights. This article continues to discuss the demonstrated attack that could take over light bulbs in the Ikea Tradfri smart lighting system.

Dark Reading reports "Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast"