TP-Link’s Tapo smart bulb found to be vulnerable to hackers

August 25, 2023

A pair of information security experts from the University of Catania, working with a colleague from the University of London, discovered four vulnerabilities in one of TP-Link’s most popular smart bulbs. Davide Bonaventura, Giampaolo Bella and Sergio Esposito wrote an article describing their testing of the smart bulb and what they found. They published it on the preprint server arXiv.

Smart bulbs like TP-Link’s allow users to control the bulb’s functions via a smartphone app. These features include the ability to choose the color of the lamp, program a timer for when to turn the lamp on and off, and monitor energy consumption. The bulbs can also be controlled directly over Wi-Fi, which means they don’t need a hub or any other hardware. It is this last feature, the three researchers found, that makes the lamp vulnerable to hackers.

While testing Tapo’s most popular smart light bulb, the L530E, the researchers discovered what they described as four vulnerabilities. One of these vulnerabilities was described as very serious: there was no authorization feature between the bulb itself and the associated program. This allowed the research team to simulate a light bulb during a test session, type in the password associated with the light bulb, and control its actions from there.

The second vulnerability, which the team classified as serious, allowed nearby hackers to authenticate when the device was discovered in order to obtain the secret code used for authentication. The third vulnerability was the lack of randomness during encryption, which made the scheme predictable, and the fourth vulnerability allowed the team to replay messages sent to and from the bulb.
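The third and fourth findings (no randomness in encryption, messages that can be replayed) are described here only in general terms; the block below is an added illustration, not the researchers' code or TP-Link's protocol. It contrasts a fixed-IV scheme with a message format carrying a fresh random IV, a sequence number and a MAC; the key, the message layout and the HMAC-SHA256 keystream (a standard-library stand-in for a real AEAD cipher) are assumptions.

```python
import hashlib, hmac, os, struct

KEY = b"constructed-demo-key"   # constructed sample secret, not a real one
STATIC_IV = bytes(16)           # the weak choice: the same IV for every message

def _sub(key, label):
    # Derive separate keys for encryption and for the MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher
    ks = b""
    for block in range((len(data) + 31) // 32):
        ks += hmac.new(_sub(key, b"enc"), iv + struct.pack(">I", block),
                       hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def weak_seal(key, plaintext):
    # No randomness and no counter: equal commands give equal bytes on the wire
    return _xor_stream(key, STATIC_IV, plaintext)

def seal(key, seq, plaintext):
    # Fresh random IV plus sequence number, both covered by the MAC
    header = struct.pack(">Q", seq) + os.urandom(16)
    body = _xor_stream(key, header[8:], plaintext)
    tag = hmac.new(_sub(key, b"mac"), header + body, hashlib.sha256).digest()
    return header + body + tag

class Receiver:
    def __init__(self, key):
        self.key, self.last_seq = key, -1

    def open(self, msg):
        if len(msg) < 56:                 # 8 seq + 16 IV + 32 tag
            raise ValueError("truncated message")
        header, body, tag = msg[:24], msg[24:-32], msg[-32:]
        good = hmac.new(_sub(self.key, b"mac"), header + body,
                        hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("authentication failed")
        seq = struct.unpack(">Q", header[:8])[0]
        if seq <= self.last_seq:          # already seen: replayed or reordered
            raise ValueError("replay rejected")
        self.last_seq = seq
        return _xor_stream(self.key, header[8:], body)
```
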

Tapo (local) Device discovery. Copyright: arXiv (2023). DOI: 10.48550/arxiv.2308.09019

The research trio noted that the lightbulb impersonation vulnerability allows Tapo account information to be stolen, which could be used to indirectly reveal the password of the Wi-Fi network to which the light bulb is connected. Once hackers get hold of such a password, they can not only hijack the network for their own use, but also use it to access other devices on the network.

The research group reported what they found to TP-Link and was informed that all detected security vulnerabilities have been fixed and that fixes continue.

Source: Port Altele
