Four vulnerabilities identified by academic researchers from Italy and the UK in the TP-Link Tapo L530E smart bulb and its accompanying mobile application can be exploited to obtain the local Wi-Fi network’s password.
Currently a best-seller on Amazon Italy, the TP-Link Tapo smart Wi-Fi light bulb (L530E) is cloud-enabled and can be controlled using a Tapo application (available on both Android and iOS) and a Tapo account.
The most severe of the identified issues is described as a “lack of authentication of the smart bulb with the Tapo app”, which allows an attacker to impersonate a smart bulb and authenticate to the application. The issue has a CVSS score of 8.8.
With a CVSS score of 7.6, the second bug impacts both the smart bulb and the Tapo app, which use a hardcoded, short shared secret exposed by code fragments.
The third and fourth issues have severity ratings of ‘medium’ and are related to message transmissions between the application and the smart bulb.
The app and the bulb, the academics explain in a research paper (PDF), use static initialization vectors for each message and do not check the freshness of the received messages.
By exploiting the first vulnerability, the researchers say, an attacker within the range of the smart bulb – and of the local Wi-Fi network – can learn the victim’s Tapo credentials, as well as their Wi-Fi credentials.
The issue can only be exploited if the smart bulb is in setup mode, when it exposes its SSID. If it is already connected, however, the attacker can mount a Wi-Fi deauthentication attack and repeat it until the user resets the bulb.
The remaining flaws allow an attacker to obtain the key that the app and smart bulb use for authentication and message integrity checks and tamper with the authentication process. They can also be leveraged to reuse messages sent by the application to operate the device, while ensuring that these messages are accepted.
The researchers reported the identified flaws via TP-Link’s vulnerability reporting program. The manufacturer informed them that it has started working on fixes.
The academics conducted their research using the IoT penetration testing tool PETIoT (PEnetration Testing the Internet of Things).
“Contrary to a potential belief that smart bulbs are not worth protecting or hacking, we found out that this model suffers four vulnerabilities that are not trivial and, most importantly, may have a dramatic impact,” the academics note.
Related: New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones
Related: Researcher Says Google Paid $100k Bug Bounty for Smart Speaker Vulnerabilities
Related: Researchers: Wi-Fi Probe Requests Expose User Data
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
