IoT can be Hacked to Hack into your Household
Work
"IoT can be Hacked to Hack into your Household" is the description of a Penetration Testing session on five different IoT devices belonging the TP-Link Tapo IoT ecosystem. The studied device are the Tapo L530E, the Tapo L510E V2, the Tapo L630, the Tapo C200, and the Tapo P100. During the session we found four vulnerabilities that allow to perform five attacks. Due to the authentication not well accounted for and the confidentiality not sufficiently guaranteed by the implemented cryptographic measures, the attacker can operate at will all devices of the Tapo family that the user may have on her Tapo account and learn the victim's Wi-Fi password, thereby escalating his malicious potential considerably.
The tested firmware's versions of each device are:
Vulnerable version | Fixed version | |
---|---|---|
L530E | 1.1.9 | 1.2.4 |
L510E | 1.0.8 | 1.1.0 |
L630 | 1.0.3 | 1.0.4 |
P100 | 1.4.9 and 1.4.16 | 1.5.0 |
C200 | 1.1.18 | - |
Tp-Link acknowledged the issues we responsibly reported through their Product Security Advisory (PSA). We actively collaborated with them, by testing the fixes and confirming the attack scenarios are no longer exploitable or do not give the attacker any advantage. Tp-Link confirmed that they already released the necessary fixes to address the vulnerabilities and that the changes do not affect the normal use and stability of the products.
The vulnerabilites that affect each device are:
Vulnerability 1 | Vulnerability 2 | Vulnerability 3 | Vulnerability 4 | |
---|---|---|---|---|
L530E | 🐞 | 🐞 | 🐞 | 🐞 |
L510E | 🐞 | 🐞 | 🐞 | 🐞 |
L630 | 🐞 | 🐞 | 🐞 | 🐞 |
P100 | 🐞 | 🐞 | 🐞 | 🐞 |
C200 | 🛡️ | 🐞 | 🛡️ | 🛡️ |