Updated on 2022-10-09: Security bugs found in Ikea’s smart lighting gateway
Researchers at Synopsys found two vulnerabilities that could be abused to hijack and take control of an Ikea Trådfri smart lighting system, such as turning up the bulbs to full brightness (or off) — while preventing users from altering the lights through the app. Per the researchers, “the malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected.” Read more: CyRC Vulnerability Advisory: CVE-2022-39065 IKEA TRÅDFRI smart lighting gateway
Overview
A bug in the Zigbee frame could allow an attacker to take control over Ikea Trådfri smart lighting system, rendering users unable to turn down the brightness through the app or remote control. Read more: Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast
