This Is How Hackers Can Use Smart Bulbs to Spy on Your Wi-Fi Password

This image represents the TP Link light bulb with the detected vulnerabilities

With the growing popularity of Internet of Things (IoT) devices, it has become crucial to implement stringent security and privacy policies for the safety of the users. That’s because IoT devices like smart bulbs connect to your Wi-Fi network and can pose a security threat. And in a recent turn of events, it seems like smart bulbs are much more prone to cyberattacks and if undetected, can cause serious impact.

Your Smart Bulb Can Expose Your Wi-Fi Password

Researchers from Italy and the UK were able to discover four critical vulnerabilities in the popular L530E smart bulb from TP-Link and in its proprietary Tapo app, as part of their research on the potential security risks posed by smart IoT devices.

The study reveals that by using four critical flaws within the L530E smart bulb and the Tapo app, hackers can easily gain access to your Wi-Fi network and potentially steal your Wi-Fi password. The bad actor can further modify the password and use it to manipulate other connected IoT devices and cause serious data and security breaches.

Tapo L530E smart bulb

After a thorough study, researchers from the Universita di Catania and the University of London were able to detect four key vulnerabilities within the Tapo L530 smart bulb and the Tapo app. These are:

  • Vulnerability 1: Lack of proper authentication on the Tapo L530 bulb makes it possible for bad actors to impersonate the device during the session key exchange step. With a CVSS v3.1 score of 8.8, this prominent shortcoming can allow a bad actor to extract the user’s Wi-Fi SSID and manipulate it with malicious intent.
  • Vulnerability 2: With a CVSS v3.1 score of 7.6, this next critical flaw can allow attackers to obtain a hard-coded short checksum shared secret by brute-forcing the Tapo app.
  • Vulnerability 3: This flaw makes the cryptographic scheme of the device predictable due to the lack of randomness during symmetric encryption.
  • Vulnerability 4: The final flaw lies in the fact that there is a lack of appropriate checks that can authenticate the freshness of received messages as well as the fact that the Tapo app keeps session keys valid for 24 hours. This subsequently allows attackers to easily access these stored messages which are supposed to be properly encrypted.

Finally, the issue stems from the lack of checks for the freshness of received messages, keeping session keys valid for 24 hours, and allowing attackers to replay messages during that period.

What Is the Solution to this Smart Bulb Vulnerability?

Following the revelations of the research paper, TP-Link has shared an official statement where it has acknowledged the research findings and has subsequently revealed that a new firmware and app update to fix the four vulnerabilities has already been rolled out. You can update the Tapo App from the Google Play Store and the iOS App Store.

To update the L530 smart bulb, visit the TP-Link support page. Find the list of affected smart bulbs attached below. So, if you own the Tapo L530 smart bulb, make sure to update the device firmware and the Tapo app on a priority.

List of affected TP Link smart bulbs
comment Comments 0
Leave a Reply