Security Alert: Vulnerabilities Found in Philips Smart Lighting

The Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding critical vulnerabilities in Philips Smart Lighting products and Matrix Door Controller devices, putting users at risk of having their information stolen. Cybersecurity firm Cyble has also identified multiple Philips lighting devices at risk due to a significant flaw in their firmware.

Affected Philips products include the Smart WiFi LED Batten (24-Watt), Smart WiFi LED T Beamer (20-Watt), and various Smart Bulb models (9, 10, and 12-Watt) and smart-T bulbs (10 and 12-Watt). Exploitation requires physical access to a device running a firmware version prior to 1.33.1. The implications could nonetheless be severe: an attacker who gains that access can extract WiFi credentials stored in cleartext within the firmware. Cyble emphasizes that this vulnerability allows attackers to analyze the firmware binary, potentially compromising the entire WiFi network, connected devices, and sensitive information.

CERT-In strongly suggests users upgrade their Philips Smart bulbs to the latest firmware to mitigate the risk of exploitation. This step is crucial to securing their networks against unauthorized access.

The second vulnerability pertains to Matrix Door Controllers. A flaw in the session management of the web-based management interface allows remote attackers to send HTTP requests, potentially granting them unauthorized access and complete control over the system. While there is currently no evidence of exploitation, Cyble warns that the potential risks are significant and demand immediate attention.

To protect against this vulnerability, researchers recommend restricting access to the Matrix door controllers and implementing strong authentication mechanisms for the web-based management interface. CERT-In advises upgrading the Matrix Door Controller Cosec Vega FAXQ to firmware version V2R17 to address the issue.
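
For administrators tracking both upgrade recommendations across a device inventory, the following added example (not code from CERT-In, Cyble, Philips or Matrix) flags devices that still run firmware below the fixed versions named above. The inventory layout, the family keys and the reading of "V2R17" as version 2, release 17 are assumptions made for the example.

```python
import csv
import io
import re

# Fixed firmware versions come from the article; the family keys and the
# inventory layout are assumptions made for this example.
FIXED = {
    "philips-smart-lighting": ("dotted", (1, 33, 1)),
    "matrix-cosec-vega-faxq": ("vr", (2, 17)),
}

# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = """name,family,firmware
hall-bulb,philips-smart-lighting,1.9.0
desk-batten,philips-smart-lighting,1.33.1
porch-bulb,philips-smart-lighting,1.4
lobby-door,matrix-cosec-vega-faxq,V2R9
lab-door,matrix-cosec-vega-faxq,V2R17
store-door,matrix-cosec-vega-faxq,unknown
"""

def parse_version(scheme, text):
    """Return the version as a tuple of ints, or None if it does not parse."""
    text = text.strip()
    if scheme == "dotted" and re.fullmatch(r"\d+(\.\d+)*", text):
        return tuple(int(part) for part in text.split("."))
    # Assumption: "V2R17" reads as version 2, release 17.
    match = re.fullmatch(r"[Vv](\d+)[Rr](\d+)", text) if scheme == "vr" else None
    return (int(match.group(1)), int(match.group(2))) if match else None

def audit(inventory_csv):
    """Map each device name to 'ok', 'upgrade' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        scheme, fixed = FIXED.get(row["family"], (None, None))
        version = parse_version(scheme, row["firmware"]) if scheme else None
        if version is None:
            results[row["name"]] = "review"  # unknown family or unreadable version
        else:
            # Numeric tuple comparison: as plain strings "1.9.0" would sort
            # after "1.33.1" and the device would be wrongly passed.
            results[row["name"]] = "upgrade" if version < fixed else "ok"
    return results

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Devices whose firmware string cannot be read are reported as "review" rather than passed, so an unknown version is never treated as patched.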

As smart devices become increasingly integral to our daily lives, staying vigilant about security updates is essential to safeguarding personal and network security. Users of both Philips and Matrix devices should take immediate action to protect themselves from potential threats.