DEF CON Safe Mode - Eyal Itkin - Don’t Be Silly It’s Only a Lightbulb
Note: while this particular vulnerability is patched, nothing is stopping 0-day exploits from doing something similar. This is the reason I personally will never have any cameras or smart locks at home.
- Attacker transmits a Zigbee factory reset to the lightbulb
- The bulb becomes unreachable for the user, and the user resets it
- Attacker broadcasts a fake bulb with malicious code
- User thinks it’s their bulb and adds it to the bridge
- The bridge launches attacks inside the network
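
A defender's view of the sequence above, added here as an example and not taken from the talk: it flags a pairing that happens shortly after a known light dropped off the network, so the re-add can be reviewed. The event tuples, event type names, device ids and the 30-minute window are assumptions, not any real bridge's log format.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event type, device id, friendly name).
# The layout and type names are hypothetical, not a real bridge log format.
SAMPLE_EVENTS = [
    ("2024-05-01T20:00:00", "unreachable", "00:11:22:aa", "Kitchen"),
    ("2024-05-01T20:04:10", "removed",     "00:11:22:aa", "Kitchen"),
    ("2024-05-01T20:06:30", "joined",      "00:11:22:ff", "Kitchen"),
    ("2024-05-02T09:00:00", "joined",      "00:33:44:bb", "Hallway"),  # ordinary new bulb
    ("2024-05-03T18:00:00", "unreachable", "00:55:66:cc", "Porch"),    # never re-paired
]


def find_suspicious_rejoins(events, window=timedelta(minutes=30)):
    """Return (join_time, joined_id, lost_id, lost_name) for every pairing
    that follows an unrecovered 'unreachable' event within `window`.

    Correlation is by time, not by device id, because the device that
    joins may not present the same id as the light that was lost.
    """
    lost = {}    # device id -> (time it became unreachable, friendly name)
    alerts = []
    for ts, kind, dev, name in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "unreachable":
            lost[dev] = (t, name)
        elif kind == "reachable":
            lost.pop(dev, None)          # light came back without a re-pair
        elif kind == "joined":
            for lost_dev, (lost_t, lost_name) in list(lost.items()):
                if t - lost_t <= window:
                    alerts.append((ts, dev, lost_dev, lost_name))
                del lost[lost_dev]       # either matched or too old to matter
    return alerts


if __name__ == "__main__":
    for join_ts, joined, lost_dev, lost_name in find_suspicious_rejoins(SAMPLE_EVENTS):
        print(f"{join_ts}: {joined} paired shortly after '{lost_name}' "
              f"({lost_dev}) became unreachable; review before trusting it")
```
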