The Bug Report: Researchers Discover a Smart Light Bulb Security Threat
No device on the planet is impervious to security threats. If a device is connected to the web, chances are that unknown threats can compromise it. It is hard to imagine smart devices, better known as the Internet of Things (IoT), being prone to security threats. However, according to reports, they are. Researchers from Italy and the UK discovered four vulnerabilities in the TP-Link Tapo L530E, a popular smart light bulb on Amazon Italy.
The first vulnerability, and a significantly severe one, involves a lack of authentication of the smart bulb with the app. Under the Common Vulnerability Scoring System (CVSS), it has a high-severity rating of 8.8 out of 10. The score is high because anyone can authenticate to the app while masquerading as the smart bulb. The second vulnerability has a CVSS score of 7.6 and stems from the hard-coded secret used by both the Tapo app and the smart bulb, which exposes the code fragments used by both. The third vulnerability has a lower CVSS score and concerns a lack of symmetric encryption. The fourth and final vulnerability has a CVSS score of 5.7. Neither the app nor the smart bulb checks the freshness of the messages it receives, which allows replay attacks.
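The freshness check that the fourth vulnerability says is missing can be sketched as follows. This is an added example, not code from the researchers or from TP-Link; the message format, the 30-second window, the counter scheme and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW_SECONDS = 30  # assumed acceptance window for message timestamps


class FreshnessVerifier:  # receiver side (bulb or app); hypothetical name
    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_counter = -1  # highest counter accepted so far

    def verify(self, wire: bytes, now: float) -> str:
        try:
            envelope = json.loads(wire)
            body = envelope["body"].encode()
            tag = bytes.fromhex(envelope["tag"])
            fields = json.loads(body)
            counter, sent_at = int(fields["counter"]), float(fields["sent_at"])
            command = str(fields["command"])
        except (ValueError, KeyError, TypeError, AttributeError):
            return "rejected: malformed"
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        if abs(now - sent_at) > MAX_SKEW_SECONDS:
            return "rejected: stale timestamp"
        if counter <= self.last_counter:
            return "rejected: replayed counter"
        self.last_counter = counter
        return "accepted: " + command


def seal(session_key: bytes, counter: int, command: str, now: float) -> bytes:
    # Sender side: the MAC covers command, counter and timestamp together.
    body = json.dumps({"command": command, "counter": counter, "sent_at": now})
    tag = hmac.new(session_key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def demo() -> list:
    key, t0 = os.urandom(32), 1_700_000_000.0  # constructed key and clock value
    bulb = FreshnessVerifier(key)
    first = seal(key, 0, "light_on", t0)
    return [bulb.verify(first, t0 + 1),   # genuine message
            bulb.verify(first, t0 + 2),   # captured copy sent again
            bulb.verify(seal(key, 1, "light_off", t0), t0 + 600),  # delivered late
            bulb.verify(seal(key, 2, "light_off", t0 + 3), t0 + 4)]
```

The key here is generated per session with `os.urandom` rather than compiled into both endpoints, so the check does not depend on a hard-coded shared secret.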
Researchers discovered that an attacker could exploit vulnerabilities one and two to access the password and hashed email of the user's Tapo account. An attacker could also possibly access the Wi-Fi credentials of the network the smart bulb is using. Other smart devices using the same network are also subject to the same vulnerabilities.
As with all device vulnerabilities trending on the web, there is a solution to the problem in the form of a software update. TP-Link has acknowledged the problem and is in the process of working on fixes. Just imagine what can happen to other branded IoT devices, such as Philips with its Hue smart lights, medical sensors, smart door locks, and smartwatches. It is a cause for concern.
I highly recommend keeping your IoT devices on a different network. Take preventive measures, which include installing software updates and creating a strong password.