
Infiltrating the network using a malicious ZigBee lightbulb - eyalitki
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
======
denysvitali
Although the exploit required some user intervention (e.g: searching for the
fake lightbulb), it is still impressive and the write-up is very well written.
Thanks for sharing!

What's more impressive though is the disclosure timeline, unless I'm missing
something Signify / Philips acknowledged + confirmed the issue on the same day
they were disclosed, and then fixed them 20 days later. The only thing I'm not
impressed with is the time that it took from their fix to be released as a
software update (49 days).

I know that compared to other vendors, this timeline is really great, but I'm
still impressed it takes that much of a time to release a fix they implemented
and tested as part of a software update

