Researchers have demonstrated how an attacker could take over control of light bulbs in the Ikea Trådfri smart lighting system, ultimately turning the bulbs up to full brightness, and users cannot turn them down via the app or the remote control.
Cybersecurity analysts at Synopsys CyRC found that by re-sending the same malformed Zigbee frame (IEEE 802.15.4) over and over, an attacker could take advantage of two vulnerabilities (tracked as CVE-2022-39064 and CVE-2022-39065) in the Ikea Trådfri smart lighting system.
“The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected,” the Synopsys report explained.
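The behaviour described above, one identical broadcast frame re-sent many times, can be flagged from a passive IEEE 802.15.4 capture. The following is an added example, not code from the Synopsys report or from Ikea; it assumes the 2003/2006 MAC header layout with the FCS already stripped, and the window, threshold and sample frames are constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST_SHORT = 0xFFFF  # IEEE 802.15.4 broadcast short address


def is_broadcast(frame: bytes) -> bool:
    """True if the MAC destination is the 16-bit broadcast address.

    Assumed layout: FCF(2) | sequence(1) | dest PAN(2) | dest addr(2) | ...
    """
    if len(frame) < 7:
        return False
    fcf = int.from_bytes(frame[:2], "little")
    if (fcf >> 10) & 0x3 != 2:  # destination addressing mode 2 = short address
        return False
    return int.from_bytes(frame[5:7], "little") == BROADCAST_SHORT


def find_replayed_broadcasts(capture, window=10.0, threshold=5):
    """Flag byte-identical broadcast frames seen `threshold` times in `window` seconds.

    capture: iterable of (timestamp_seconds, frame_bytes), sorted by time.
    Returns {frame_bytes: timestamp_of_first_alert}.
    window and threshold are assumed values; tune them against normal traffic.
    """
    recent = defaultdict(deque)  # frame bytes -> timestamps inside the window
    alerts = {}
    for ts, frame in capture:
        if not is_broadcast(frame):
            continue
        seen = recent[frame]
        seen.append(ts)
        while ts - seen[0] > window:  # drop sightings older than the window
            seen.popleft()
        if len(seen) >= threshold and frame not in alerts:
            alerts[frame] = ts
    return alerts


# Constructed sample frames (arbitrary payloads, not the malformed frame itself).
REPEATED = bytes.fromhex("41882a3412ffff0100" "deadbeef")  # broadcast data frame
OTHER_BCAST = bytes.fromhex("41882c3412ffff0100" "0102")   # unrelated broadcast
UNICAST = bytes.fromhex("61882b341202000100" "cafe")       # unicast to 0x0002
SAMPLE = ([(0.0, OTHER_BCAST), (0.5, UNICAST)]
          + [(1.0 + i, REPEATED) for i in range(6)]
          + [(30.0, OTHER_BCAST)])

if __name__ == "__main__":
    for frame, ts in find_replayed_broadcasts(SAMPLE).items():
        print(f"t={ts:.1f}s repeated broadcast frame {frame.hex()}")
```

Zigbee routers legitimately rebroadcast frames a few times, so the threshold should sit above the repeat count seen on a healthy network.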
The result of the Internet of Things (IoT) security flaw is a lighting system factory reset in which the user is stripped of control over their bulbs via both the Ikea Smart Home app and the companion Trådfri remote control, Synopsys added. It begins with a flicker and then leaves the lights on at full brightness.
“To recover from this attack, a user could manually power cycle the gateway,” the team said. “However, an attacker could reproduce the attack at any time.”
Synopsys disclosed the smart lighting vulnerabilities to Ikea in June 2021 and Ikea released a fix in February 2022, the report added.