“Researchers from the Weizmann Institute of Science and Dalhousie University were able to execute the chain-reaction attack by exploiting a vulnerability in the ZigBee wireless communications protocol, a widely used home automation protocol found at the core of millions of today’s most popular smart home devices — Philips Hue lighting is just one example. The infected payload was delivered by exploiting a weakness in Philips’ encryption to force an over-the-air firmware update using an ‘autonomous attack kit’ built from ‘readily available equipment’ costing just a few hundred dollars. In other words, anyone with the knowledge and motivation could execute a similar attack.”
Source: Watch a drone hack a room full of smart lightbulbs from outside the window – The Verge