Smart Bulbs can be Hacked to Hack into your Household

TL;DR

This paper reveals critical security vulnerabilities in a popular smart bulb, demonstrating how attackers can compromise the device and potentially access the entire Tapo ecosystem, highlighting the need for improved security measures.

Contribution

The study applies a structured vulnerability assessment to a widely used smart bulb, identifying multiple security flaws and proposing potential fixes.

Findings

Four vulnerabilities identified, two of high severity

Attacker can control the bulb and other Tapo devices

Wi-Fi password can be learned by attackers

Abstract

The IoT is getting more and more pervasive. Even the simplest devices, such as a light bulb or an electrical plug, are made "smart" and controllable by our smartphone. This paper describes the findings obtained by applying the PETIoT kill chain to conduct a Vulnerability Assessment and Penetration Testing session on a smart bulb, the Tapo L530E by Tp-Link, currently best seller on Amazon Italy. We found that four vulnerabilities affect the bulb, two of High severity and two of Medium severity according to the CVSS v3.1 scoring system. In short, authentication is not well accounted for and confidentiality is insufficiently achieved by the implemented cryptographic measures. In consequence, an attacker who is nearby the bulb can operate at will not just the bulb but all devices of the Tapo family that the user may have on her Tapo account. Moreover, the attacker can learn the victim's Wi-Fi password, thereby escalating his malicious potential considerably. The paper terminates with an outline of possible fixes.