Smart light bulbs can be used to hack into your home

The best-selling smart light bulb Tapo L530E can be used by threat actors to break into home systems, researchers found.

Tapo smart light bulbs use Wi-Fi for configuration, which enables you to remotely control the lights in your home using a smartphone. However, this is vulnerable to malicious attacks.

Researchers from Italy and the UK have identified four vulnerabilities – two of them of high severity – affecting smart light bulbs. By exploiting these vulnerabilities, threat actors could gain access to the victim’s Wi-Fi and Tapo app. Also, an attacker who’s located nearby the bulb can operate not just the bulb but all devices of the Tapo family that users may have on their Tapo account.

The most severe vulnerabilities include a lack of authentication of the smart bulb with the Tapo app. This means that anyone can authenticate to the app and pretend to be the smart bulb.

Another serious vulnerability discovered by the researchers is that the secret used by both the Tapo app and the smart bulb is short and exposed by both the code fragments run by the app and by the smart bulb.

The researchers contacted TP-Link, the company manufacturing Tapo light bulbs, and reported the vulnerabilities found. The company acknowledged the validity of the findings and said that they’ve started “working on fixes both at the app and at the bulb firmware levels, planning to release them in due course.”

More from Cybernews

Pornhub effect: eroding privacy online might impact freedom of speech

Defense contractor Belcan leaks admin password with a list of flaws

Hackers exposed 2.6 million Duolingo users, more available for scraping

FBI names cryptocurrency funds stolen by infamous Lazarus Group

Experian fined $650K over sales emails

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked