Smart lightbulbs also seem vulnerable to hackers

  • August 22, 2023

A joint study by the Sicilian University of Catania and the University of London revealed a vulnerability in certain smart bulbs and their app.

Researchers from the Sicilian University of Catania and the University of London have jointly published a report on the vulnerability of certain smart bulbs and the accompanying app. However, their research mainly uses this specific example to show the risks of smart devices and IoT in general.

Products and vulnerabilities

The research focuses on the TP-Link Tapo L530E smart lamp and the accompanying TP-Link Tapo app. This was chosen because of its popularity. Because of the vulnerabilities in this combination, hackers can get your WiFi password.

The most dangerous vulnerability is rated 8.8 on the CVSS scale and allows attackers to steal Tapo passwords through weak authentication. This allows them to impersonate the device and manipulate it.

Vulnerability number two concerns a hard-coded secret and has a CVSS score of 7.7: the shared secret between app and lamp is too short and is exposed in code fragments. The third problem scores a 4.6 on the CVSS scale and amounts to insufficient randomness in symmetric encryption.

Number four has a CVSS score of 5.7 and concerns the messages the app and lamp exchange: these are not refreshed often enough, and the checks on them are not sufficient either.

Scenarios highlighted

The researchers examined various scenarios in which attackers could exploit these vulnerabilities. To this end, they conducted several experiments.

Using a combination of the first two vulnerabilities, hackers can deauthenticate the lamp and force the user to set it up again. At that point, they can pose as the device, steal WiFi data, and gain access to any device on that network. In a smart home, there can be quite a few.

A classic man-in-the-middle (MITM) attack can also be set up via the first vulnerability. If the device is already configured, communication between the lamp and the app can still be eavesdropped on. If the configuration is not yet complete, attackers can place themselves between the two components and intercept the communication during this process.

Finally, the fourth vulnerability allows attackers to repeat previous messages between the lamp and the app. This allows them to actively change functionalities in the device.
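
The replay problem described above comes down to a receiver that authenticates a message but never checks whether it has already seen it. As an added illustration (not code from the study or from TP-Link; the message format, key and class names are constructed for this example), the code below compares a receiver that only verifies a MAC with one that also enforces a strictly increasing counter.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not a real device secret


def seal(key, counter, command):
    """Sender side: bind a monotonically increasing counter to the command."""
    body = json.dumps({"ctr": counter, "cmd": command}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class NaiveReceiver:
    """Checks only the MAC, so a captured message stays valid indefinitely."""

    def __init__(self, key):
        self.key = key

    def accept(self, body, tag):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


class FreshReceiver(NaiveReceiver):
    """Also requires each counter to exceed the last one it accepted."""

    def __init__(self, key):
        super().__init__(key)
        self.last_ctr = 0

    def accept(self, body, tag):
        if not super().accept(body, tag):   # reject forged or altered messages
            return False
        ctr = json.loads(body)["ctr"]
        if type(ctr) is not int or ctr <= self.last_ctr:
            return False                    # stale counter: a repeated message
        self.last_ctr = ctr
        return True


def demo():
    captured = seal(KEY, 1, "power_on")     # constructed message seen on the network
    later = seal(KEY, 2, "power_off")
    naive, fresh = NaiveReceiver(KEY), FreshReceiver(KEY)
    return {
        "naive_first": naive.accept(*captured),
        "naive_replay": naive.accept(*captured),
        "fresh_first": fresh.accept(*captured),
        "fresh_next": fresh.accept(*later),
        "fresh_replay": fresh.accept(*captured),
    }
```

A real device would also need to persist the last accepted counter across reboots, otherwise a restart reopens the replay window.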

Afterward

TP-Link was alerted by the research team and assured that the vulnerabilities would be fixed soon. However, the report does not provide a timetable for this.

In any case, this is yet another warning to keep every smart device updated, be it your laptop or fridge. Install updates when they are available and let the system scan when necessary.

Earlier this year, TP-Link launched several new routers and mesh solutions ready for WiFi 7. The foundation for this had already been laid a few months earlier.

Source: IT Daily
