The IoT Breaches your Household Again
Davide Bonaventura, Sergio Esposito, Giampaolo Bella

TL;DR
This paper uncovers security vulnerabilities in Tp-Link Tapo smart devices and demonstrates how malicious actors can exploit them to access sensitive credentials and network information, exposing users to significant risks.
Contribution
It introduces a novel attack scenario on Tapo devices and shows how these vulnerabilities can be exploited across multiple IoT devices within the same ecosystem.
Findings
Certain Tapo devices are fully exploitable under all attack scenarios.
Some devices are vulnerable to only specific attack scenarios.
The vulnerabilities can be replicated across similar IoT devices.
Abstract
Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. However, this paper challenges this misconception, uncovering how vulnerabilities in these seemingly innocuous devices can expose users to significant risks. This paper extends the findings outlined in previous work, introducing a novel attack scenario. This new attack allows malicious actors to obtain sensitive credentials, including the victim's Tapo account email and password, as well as the SSID and password of her local network. Furthermore, we demonstrate how these findings can be replicated, either partially or fully, across other smart devices within the same IoT ecosystem, specifically those manufactured by Tp-Link. Our investigation focused on the Tp-Link Tapo range, encompassing smart bulbs (Tapo L530E, Tapo L510E V2, and Tapo…
