We could not find any results for:
Make sure your spelling is correct or try broadening your search.
Share Name | Share Symbol | Market | Type |
---|---|---|---|
Check Point Software Technologies Inc | NASDAQ:CHKP | NASDAQ | Common Stock |
Price Change | % Change | Share Price | Bid Price | Offer Price | High Price | Low Price | Open Price | Shares Traded | Last Trade | |
---|---|---|---|---|---|---|---|---|---|---|
0.00 | 0.00% | 149.00 | 138.71 | 152.27 | 0 | 09:09:35 |
Check Point’s researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities. Researchers focused on the market-leading Philips Hue smart bulbs and bridge, and found vulnerabilities (CVE-2020-6007) that enabled them to infiltrate networks using a remote exploit in the ZigBee low-power wireless protocol that is used to control a wide range of IoT devices.
In an analysis of the security of ZigBee-controlled smart lightbulbs that was published in 2017, researchers were able to take control of a Hue lightbulb on a network, install malicious firmware on it and propagate to other adjacent lightbulb networks. Using this remaining vulnerability, our researchers decided to take this prior work one step further and used the Hue lightbulb as a platform to take over the bulbs’ control bridge and ultimately, attacking the target's computer network. It should be noted that more recent hardware generations of Hue lightbulbs do not have the exploited vulnerability.
The attack scenario is as follows:
“Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware,” said Yaniv Balmas, Head of Cyber Research, Check Point Research. “It’s critical that organizations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware. In today’s complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks.”
The research, which was done with the help of the Check Point Institute for Information Security (CPIIS) in Tel Aviv University, was disclosed to Philips and Signify (owner of the Philips Hue brand) in November 2019. Signify confirmed the existence of the vulnerability in their product, and issued a patched firmware version (Firmware 1935144040) which is now via an automatic update. We recommend users to make sure that their product received the automatic update of this firmware version.
“We are committed to protecting our users’ privacy and do everything to make our products safe. We are thankful for responsible disclosure and collaboration from Checkpoint, it has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk,” says George Yianni, Head of Technology Philips Hue.
Here is a demo video of how the attack works. The full technical research details will be published at a later date in order to give users time to successfully patch their vulnerable devices.
Check Point is the first vendor to provide a consolidated security solution that hardens and protects the firmware of IoT devices. Utilizing a recently acquired technology, Check Point allows organization to mitigate device level attacks before devices are compromised utilizing on-device run time protection.
Follow Check Point Research via:Blog: https://research.checkpoint.com/ Twitter: https://twitter.com/_cpresearch_
About Check Point Research Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends an enterprises’ cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
MEDIA CONTACT: | INVESTOR CONTACT: |
Emilie Beneitez Lefebvre | Kip E. Meintzer |
Check Point Software Technologies | Check Point Software Technologies |
press@checkpoint.com | ir@checkpoint.com |
1 Year Check Point Software Tec... Chart |
1 Month Check Point Software Tec... Chart |
It looks like you are not logged in. Click the button below to log in and keep track of your recent history.
Support: +44 (0) 203 8794 460 | support@advfn.com
By accessing the services available at ADVFN you are agreeing to be bound by ADVFN's Terms & Conditions