Although the exploit required some user intervention (e.g., searching for the fake lightbulb), it is still impressive and the write-up is very well written. Thanks for sharing!
What's more impressive, though, is the disclosure timeline: unless I'm missing something, Signify / Philips acknowledged + confirmed the issues on the same day they were disclosed, and then fixed them 20 days later. The only thing I'm not impressed with is the time that it took for their fix to be released as a software update (49 days).
I know that compared to other vendors, this timeline is really great, but I'm still impressed it takes that much time to release a fix they implemented and tested as part of a software update.