A team of researchers just revealed that it’s possible for a rogue light bulb to hijack your Philips Hue bridge—and, in turn, your entire network—using a vulnerability in the Zigbee wireless protocol. The good news? Your bridge has probably already patched itself.

Check Point Research published its findings on Wednesday, three months after alerting Signify-owned Philips Hue to the vulnerability. Signify confirmed the security hole and released a patch for the Hue Bridge in January. If your bridge is online and you’ve enabled automatic updates, the patch should already be installed.

Also, a Philips Hue rep told TechHive that Hue bulbs manufactured since 2018 aren’t vulnerable to the attack.

According to Check Point, hackers can exploit the Zigbee vulnerability by taking control of an older Hue bulb and making it turn on and off or change color, in hopes of tricking the owner into thinking something’s amiss with the bulb.

Your Hue Bridge has, most likely, already been patched to prevent hackers from attacking it using a compromised Hue bulb.

If the user removes the bulb from the Hue app and re-pairs it to the bridge, the hackers can then use the compromised bulb to send a “heap-based buffer overload” to the bridge, essentially overwhelming it with data and paving the way for a malware attack on the user’s entire network, the Check Point report says.

Check Point notes that it focused its research on Philips Hue because it’s the “market-leading” Zigbee smart-bulb manufacturer, leaving open the possibility that other Zigbee-based smart devices are open to the attack. A detailed report won’t be published until “a later date” to “give users time to successfully patch their vulnerable devices,” Check Point said. Hopefully, we’ll hear soon from manufacturers of other Zigbee-enabled devices about how they have tackled (or will tackle) the security hole.

Check Point’s findings come a few years after researchers used a drone to remotely inject a worm into a Zigbee bulb, which then allowed the worm to jump from bulb to bulb. Check Point said it used a “remaining vulnerability” from that earlier research to discover the latest exploit.

This story, "Zigbee vulnerability lets hackers use Hue bulbs to hijack your network" was originally published by TechHive.
