Work by Nitesh Dhanjani shows that Hue's control portal—referred to as "the bridge"—uses a pretty shaky authentication system to communicate wirelessly with devices like phones and tablets. In fact, it uses the MAC address of the bridge in its communication—which makes it a cinch to hack and, well, switch off.
In the video below, Dhanjani injects malware into the bridge via a malicious website, allowing him to find the MAC address straight away. He then proceeds to turn the Hue bulbs off again and again, regardless of the switch being flipped on or off itself. In reality it's difficult to see how this could cause a widespread problem, given it's device specific, but it could be at least irritating and at worst dangerous. It's currently unclear what Philips is doing to address the problem. [Nitesh Dhanjani via The Register]