Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Your lightbulbs can be hacked to breach your Wi-Fi network

Concept art representing cybersecurity principles

TP-Link’s popular smart lightbulb and its companion mobile app were found to be carrying multiple high-severity flaws which could allow hackers to gain access to the connected Wi-Fi network.

That, in turn, could allow threat actors to access other endpoints on the network, which could give them access to sensitive data, or allow them to deploy different malware and ransomware.

This is according to cybersecurity researchers from the Italian Universita di Catania, and their peers from the University of London. As reported by BleepingComputer, the researchers from these two universities analyzed the "top-selling" TP-Link Tapo L530E and its companion app, which has approximately 10 million installations on Google Play alone.

Four vulnerabilities

In total, the researchers uncovered four vulnerabilities. The first two (severity scores 8.8 and 7.6.) could be chained to impersonate the lightbulb on the network, and thus retrieve the Tapo user account details. This information can then be used to extract the target’s Wi-Fi SSD and password. 

The fourth vulnerability can be used to launch so-called replay attacks, which the attackers can use to make functional changes in the lightbulb.

The researchers said they reached out to TP-Link with their findings, which the company subsequently acknowledged. It also said that it would release a patch soon. Other than that, TP-Link is currently silent on the matter, BleepingComputer concluded. 

Smart devices and home appliances could be a great way to automate some of the more mundane household tasks, but they also present unique security challenges. Cybersecurity researchers agree that these devices should be kept on a separate network and that they should always be up-to-date.

Recently, its was found that many older Canon printers carry a flaw that allow others to access the Wi-Fi SSIDs and passwords stored in their memory. It therefore warned users to make sure to delete all network information prior to discarding or reselling the affected models.

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.