Dark
Light

TP-Link Smart Bulb Spills Wi-Fi Passwords

1 min read
318 views

A well-known brand of bright light bulbs has some vulnerabilities, according to security researchers from Italy and London, which could enable attackers to learn their target’s Wi-Fi password.

Davide Bonaventura and Giampaola Bella from Catania University and Sergio Esposito from the University of London and Royal Holloway are the authors of the fresh paper.

It looked at the TP-Link Tapo L530E, which is rumored to be the best seller on Amazon and different online stores.

In order to conduct Vulnerability Assessment and Penetration Testing (VAPT ), the researchers used the steps of the PETIoT kill chain. According to the paper, they discovered four bugs that could have a “dramatic impact”:

  • A serious bug caused by the accompanying smartphone app’s lack of authentication, allowing anyone to authenticate to the app while posing as the bright bulb
  • A great severity bug involving a hard-coded, too-short key shared by the Tapo app and wise bulb, which is made public by code fragments it runs and the app’s nbsp function.
  • a vulnerability of average severity brought on by symmetry encryption’s lack of randomness
  • A medium-level vulnerability that could be combined with the aforementioned bug to result in service denial

More information on bright home threats can be found in Smart Home Experiences Over 12, 000 Cyber-Attacks in a Week.

According to the report,” In short, authentication is not adequately accounted for and confidentiality is poorly achieved by the implemented crypto measures.”

As a result, an attacker who is close to the bulb has the freedom to use any device in the Tapo family that the user may have on her account. Additionally, the attacker can find out the victim’s Wi-Fi password, greatly increasing his malignant potential.

The Japanese manufacturer was informed of the researchers ‘ findings in a responsible manner, and firmware updates would be made to address the bugs. The paper doesn’t specify whether these have been made available yet, though.

According to Andrew Bolster, top R&D manager for data science at Synopsys,” these supporting and smart devices can be the weak link into the trusted home environment, a beachhead for malicious actors to finally gain vertical access to different devices behind the” safe” firewall.”

” The likelihood of security failures spreading dramatically increases as we add more and more intelligent devices, whether they be refrigerators, voice assistive systems, heating controllers or vacuum cleaners.”

Leo Portal

Leo is an expert in the field of smart city research and an overall tech-enthusiast with an emphasis on smart energy, IOT, smart homes and governance. After a master degree in international administration at the University of Gothenburg in Sweden, and a master in public management at Fudan University in China, he pursued research studies in the field of smart cities at the European University Institute. This led him to publish multiple articles on smart cities. Among them “Using Smart People to Build Smarter: How Smart Cities Attract and Retain Highly Skilled Workers to Drive Innovation (Belgium, Denmark, the Netherlands, Poland)” published in the Smart Cities and Regional Development Journal (SCRD) and “Establishing Participative Smart Cities: Theory and Practice”, also published in the SCRD Journal. He regularly audits and advises municipalities and regional governments on their smart city strategies. He is currently writing a chapter for Springer on smart mobility in French smart cities.

Leave a Reply

Your email address will not be published.

Previous Story

Call to Double R&D to Forge Tomorrow’s Economy

Next Story

Lille announces ban on cyclists in city centre

Latest from Technology

Don't Miss