Researchers from universities in Italy and the UK have released a paper disclosing four vulnerabilities in a popular smart bulb. The vulnerabilities allow hackers to control other smart home devices and gain access to the Wi-Fi network. The smart bulb is the Tapo L530E made by TP-Link and the researchers found two high severity and two medium severity vulnerabilities. The vulnerabilities are due to authentication not being securely implemented and having weak cryptographic measure. Those weakness allows attackers to retrieve the Tapo user account details and passwords which can be used to manipulate other Tapo devices. Once the attacker has gain access to the Tapo account, they can extract the victim’s Wi-Fi SSID and password to gain access to their home network. The researchers had disclosed the vulnerabilities to TP-Link and the company is working to address the vulnerabilities and fixed versions have already been released for some of their Tapo products. It is strongly recommended when using IoT devices to keep them isolate on a separate network.
https://arxiv.org/pdf/2308.09019.pdf
https://www.tp-link.com/en/support/faq/3722/
https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password/
This segment was created for the It’s 5:05 podcast