The Internet of Things (IoT) is currently at its peak, with a rapid expansion of capabilities. This involves converting everyday items like light bulbs and plugs into smart devices controlled via smartphones. The number of IoT devices exceeded 13.8 billion in 2021, expected to quadruple by 2025, but this growth also introduces security risks exploited by cybercriminals. Researchers have discovered that even smart light bulbs, like the Tp-Link Tapo Smart Wi-Fi Multicolor Light Bulb, can be hacked to gather Wi-Fi credentials. They employed PETIoT, an IoT-focused Kill Chain, to assess vulnerabilities in these bulbs. This situation highlights challenges for cybersecurity experts dealing with the growing threats in the IoT landscape.
Because it is a cloud-enabled multicolor smart bulb, the Tapo L530E may be operated using the Tapo app on an Android or iOS device without the need for a hub. Instead, it connects directly to the home Wi-Fi network. According to the findings of the researchers, this particular kind of smart bulb is susceptible to each of the following four vulnerabilities:
LACK OF AUTHENTICATION OF THE SMART BULB WITH THE TAPO APP (8.8 CVSS SCORE, HIGH SEVERITY)
HARD-CODED, SHORT SHARED SECRET (7.6 CVSS SCORE, HIGH SEVERITY)
LACK OF RANDOMNESS DURING SYMMETRIC ENCRYPTION (4.6 CVSS SCORE, MEDIUM SEVERITY)
INSUFFICIENT MESSAGE FRESHNESS (5.7 CVSS SCORE, MEDIUM SEVERITY)
The examination and testing carried out by the security experts indicate the proximity-based attacks that were carried out on the smart bulb that was the target.The attack scenario that causes the greatest concern is one in which an attacker impersonates a bulb and retrieves information about a Tapo user account by exploiting vulnerabilities.
After that, the attacker may extract the victim’s WiFi SSID and password by using the Tapo app, allowing them to obtain access to any and all other devices that are connected to the victim’s network.
In order for the attack to be successful, the device in question must first be put into setup mode. However, the attacker has the ability to deauthenticate the bulb, which will need the user to re-configure it in order to get the light to work again.The researchers also investigated an MITM (Man-In-The-Middle) attack using a configured Tapo L530E device. This form of attack takes advantage of a vulnerability to intercept and control the connection between the app and the bulb, as well as to capture the RSA encryption keys that are used for further data transmission.
MITM attacks are also possible with unconfigured Tapo devices by leveraging a vulnerability once again by connecting to the WiFi during the setup process, bridging two networks, and routing discovery messages. This will eventually allow the attacker to retrieve Tapo passwords, SSIDs, and WiFi passwords in an easily decipherable base64 encoded form. Last but not least, a further flaw enables attackers to conduct what are known as “replay attacks.” These attacks involve recreating communications that have been sniffed in the past in order to bring about functional changes in the device.
In response, TP-Link gave the researchers their assurance that the issues that were found in their software as well as the firmware of the bulb will be fixed.
InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory
