- Malicious actors can exploit physical access to devices running firmware versions prior to 1.33.1.
- Cyble exposes vulnerabilities in Philips Smart Lighting products and Matrix Door Controller devices.
As reliance on smart technology grows, so do the security risks associated with these devices.
Recent revelations from the Indian Computer Emergency Response Team (CERT-In) emphasise the need for vigilance regarding vulnerabilities in Philips Smart Lighting products and Matrix Door Controller devices. These vulnerabilities expose critical data—specifically, WiFi credentials—potentially endangering both individual users and broader network security.
The first vulnerability pertains to several Philips smart lighting models, including the Philips Smart WiFi LED Batten and various Smart Bulb models.
According to the cybersecurity firm Cyble, malicious actors can exploit physical access to devices running firmware versions prior to 1.33.1. The flaw allows attackers to extract firmware and analyse its contents, revealing WiFi credentials stored in plain text.
The situation poses a severe risk; once intruders gain access to the user’s WiFi network, they can compromise not only the security of that network but also the integrity of connected devices and the privacy of sensitive personal information. In light of this, CERT-In has strongly advised users to upgrade to the latest firmware to mitigate these threats.
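The plaintext-storage flaw described above can be turned into a release check that a vendor or tester runs against its own firmware build. The sketch below is an added example, not code from Cyble, CERT-In or Philips; the image layout, the `PROVISIONED` test credentials and all function names are constructed assumptions.

```python
import base64
import hashlib

# Constructed test credentials, provisioned on a lab device (assumption).
PROVISIONED = {"ssid": "lab-test-net", "passphrase": "Constructed-Pass-0001"}

def credential_encodings(secret: str) -> dict[str, bytes]:
    """Byte forms that count as 'stored in the clear': raw or trivially encoded."""
    raw = secret.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": secret.encode("utf-16-le"),
        "hex": raw.hex().encode("ascii"),
        "base64": base64.b64encode(raw),
    }

def find_plaintext_secrets(image: bytes, secrets: dict[str, str]) -> list[tuple[str, str, int]]:
    """Return (label, encoding, offset) for every occurrence of a secret in the image."""
    findings = []
    for label, secret in secrets.items():
        for encoding, needle in credential_encodings(secret).items():
            start = 0
            while (pos := image.find(needle, start)) != -1:
                findings.append((label, encoding, pos))
                start = pos + 1
    return sorted(findings, key=lambda f: f[2])

def build_sample_image(store_plaintext: bool) -> bytes:
    """Constructed stand-in for a firmware image: 32-byte header plus a config region."""
    header = b"FWIMG\x00" + bytes(26)
    if store_plaintext:
        config = b"ssid=lab-test-net\x00psk=Constructed-Pass-0001\x00"
    else:
        # Opaque bytes standing in for protected storage; not the vendor's actual fix.
        config = hashlib.sha256(b"constructed opaque blob").digest() * 2
    return header + config + b"\xff" * 64

if __name__ == "__main__":
    for name, plaintext in (("vulnerable-style", True), ("hardened-style", False)):
        hits = find_plaintext_secrets(build_sample_image(plaintext), PROVISIONED)
        print(name, "FAIL" if hits else "PASS", hits)
```

A clean result only shows that these specific encodings are absent; it does not prove the credentials are protected by a key the device keeps out of the image.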
The second vulnerability relates to Matrix Door Controllers, where a flaw in the web-based management interface’s session management could allow remote attackers to send specially crafted HTTP requests. This could grant them unauthorized access, posing significant risks to the confidentiality, integrity, and availability of the system.
Cyble warns that while there is currently no evidence of exploitation in the wild, the potential for significant harm remains. Researchers advocate for stringent security measures, including network segmentation and robust authentication protocols for management interfaces, underscoring the urgency of addressing this vulnerability.