A new report this week appear that your cool smart light bulbs from Philips are potentially accessible to hackers — in fact, your whole Wi-Fi arrangement could be compromised. So take our word for it: update now.

This news comes from cybersecurity analysis firm Checkpoint, which appear a blog post advertisement the flaw. When this was originally acicular out several years ago, companies found a way to stop what was at the time a bulb-hopping attack. Checkpoint says that, while this fix was deployed at the time, the basic vulnerability in the Hue bulb is still there, and can still be used for mischief.


To make this work, a hacker would have to take ascendancy of one bulb, then fiddle with its color and accuracy enough to make the owner think article was wrong with it. The owner would have to delete, then “rediscover” the adulterated bulb on their app, at which point it would flood the ascendancy bridge with malware via a vulnerability in the device’s Zigbee protocol. From there, the hacker can access the home arrangement to which the bridge is attached.

Here’s how it looks in action:

It’s kind of an abstruse attack, and relies on the victim attempting to reconnect the adulterated bulb to the app. But it can work, and that’s a problem. And since Zigbee is used by assorted smart home brands — its website lists such brands as Amazon Echo, Samsung’s SmartThings, and IKEA’s smart lighting devices. But at least we know Philips has tried to fix the problem.

Double-check to make sure your Philips Hue Hub is adapted to firmware adaptation 1935144040. This is the patched adaptation Philips appear last month, and you can find out whether you have it by blockage the “software update” part of the Hue app’s settings menu. Hopefully most of you Philips owners (and anyone else with a Zigbee-based device) get your updates automatically, and you’ll already have it by now.

And if one of your Hue bulbs starts malfunctioning, flickering, etc… I don’t know, maybe throw it out a window, just to be safe?

Read next: How to opt out of Netflix's autoplay previews