Your lightbulbs can be hacked to breach your Wi-Fi network
A popular smart lightbulb carried multiple vulnerabilities
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
TP-Link’s popular smart lightbulb and its companion mobile app were found to be carrying multiple high-severity flaws which could allow hackers to gain access to the connected Wi-Fi network.
That, in turn, could allow threat actors to access other endpoints on the network, which could give them access to sensitive data, or allow them to deploy different malware and ransomware.
This is according to cybersecurity researchers from the Italian Universita di Catania, and their peers from the University of London. As reported by BleepingComputer, the researchers from these two universities analyzed the “top-selling” TP-Link Tapo L530E and its companion app, which has approximately 10 million installations onGoogle Playalone.
Four vulnerabilities
In total, the researchers uncovered four vulnerabilities. The first two (severity scores 8.8 and 7.6.) could be chained to impersonate the lightbulb on the network, and thus retrieve the Tapo user account details. This information can then be used to extract the target’s Wi-Fi SSD and password.
The fourth vulnerability can be used to launch so-called replay attacks, which the attackers can use to make functional changes in the lightbulb.
A new Mirai variant is attacking Linux devices to build a beastly DDoS botnet>Mirai botnet now targeting critical flaw in thousands of routers>These are the best firewalls around
The researchers said they reached out to TP-Link with their findings, which the company subsequently acknowledged. It also said that it would release a patch soon. Other than that, TP-Link is currently silent on the matter, BleepingComputer concluded.
Smart devices and home appliances could be a great way to automate some of the more mundane household tasks, but they also present unique security challenges. Cybersecurity researchers agree that these devices should be kept on a separate network and that they should always be up-to-date.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Recently, its was found that many olderCanon printers carry a flaw that allow others to access the Wi-Fi SSIDs and passwordsstored in their memory. It therefore warned users to make sure to delete all network information prior to discarding or reselling the affected models.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
