The best-selling smart light bulb Tapo L530E can be used by threat actors to break into home systems, researchers found.
Tapo smart light bulbs use Wi-Fi for configuration, which enables you to remotely control the lights in your home using a smartphone. However, this setup is vulnerable to malicious attacks.
Researchers from Italy and the UK have found four vulnerabilities – two of them of high severity – affecting smart light bulbs. By exploiting these vulnerabilities, threat actors could gain access to the victim’s Wi-Fi and Tapo app. Also, an attacker who’s located near the bulb can operate not just the bulb but all devices of the Tapo family that users may have on their Tapo account.
The most severe vulnerabilities include a lack of authentication of the smart bulb with the Tapo app. This means that anyone can authenticate to the app and pretend to be the smart bulb.
Another serious vulnerability discovered by the researchers is that the secret shared by the Tapo app and the smart bulb is short and is exposed in the code fragments run by both the app and the smart bulb.
The researchers contacted TP-Link, the company manufacturing Tapo light bulbs, and reported the vulnerabilities found. The company acknowledged the validity of the findings and said that they’ve started “working on fixes both at the app and at the bulb firmware levels, planning to release them in due course.”