Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast

  /     /     /  
Publicated : 23/11/2024   Category : security

Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast


With just one malformed Zigbee frame, attackers could take over certain Ikea smart lightbulbs, leaving users unable to turn the lights down.


Researchers have demonstrated how an attacker could take over control of light bulbs in the Ikea Trådfri smart lighting system, ultimately turning the bulbs up to full brightness — and users cant turn them down through the app or the remote control. 
Cybersecurity analysts at Synopsys CyRC found that if a threat actor re-sent the same malformed Zigbee frame (IEEE 802.15.4) over and over again, an attacker could advantage of two vulnerabilities (tracked under CVE-2022-39064 and CVE-2022-39065) in the Ikea Trådfri smart lighting system. 
The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected, the Synopsys report explained. 
The result of the
Internet of things (IoT) security flaw
is a lighting system factory reset where the user is stripped of control over their bulbs both through the Ikea Smart Home application as well as the companion Trådfri remote control, Syopsys added. It starts with a flicker and then leaves the lights on full, permanently.
To recover from this attack, a user could manually power cycle the gateway, the team said. However, an attacker could reproduce the attack at any time.
Synopsys disclosed the
smart lighting vulnerabilities
 to Ikea in June 2021 and Ikea released a fix in February 2022, the report added. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast