Overview

In this article, we focus on the popular Philips Hue smart lamps, which have been sold in large numbers (especially in the European market) since 2012. The communication between the lamps and their controllers is carried out over the Zigbee protocol, which is the radio link of choice between many IoT devices due to its simplicity, wide availability, low cost, low power consumption, robustness, and long range. (Its main disadvantage compared to Wi-Fi radio communication is its limited bandwidth, which is not a real problem in most IoT applications.) The Hue lamps contain a Zigbee chip made by Atmel, which uses multiple layers of cryptographic and non-cryptographic protection to prevent hackers from misusing the lamps once they are securely connected with their controllers. In particular, the lamps ignore any request to reset or to change their affiliation unless it is sent from a Zigbee transmitter that is only a few centimeters away from the lamp. Even though an attacker can try to spoof such a proximity test by using very high-power transmitters, the fact that the received power decreases quadratically with distance makes such brute-force attacks very hard (even at ranges of 100 meters).