News

Researchers from the University of Catania and the University of London have identified the TP-Link Tapo L530E smart bulb as being vulnerable to hacking. In a recent paper, the researchers explain that under specific circumstances, a hacker could impersonate the bulb and trick the Tapo app into revealing the user’s Tapo credentials and Wi-Fi router’s password.

The attack requires the Tapo L530E to be in setup mode, but a Wi-Fi deauthentication attack could easily deceive the user into putting the bulb back into pairing mode. Once the attacker gains access, they can launch denial-of-service attacks by exploiting vulnerabilities in the encrypted messages between the app and the bulb.

The researchers found multiple security flaws in the Tapo L530E, including a lack of identity verification between the bulb and the app, as well as a short and exposed shared secret code. TP-Link has acknowledged these vulnerabilities and claims to be working on fixes for both the bulb and the Tapo app.

To protect themselves, users with Tapo L530E bulbs are advised to take them offline until TP-Link releases security patches. This incident highlights the ongoing security concerns with smart home devices. In the past, other popular brands have also faced vulnerabilities, such as Philips Hue Bridge being hijacked through a weakness in the Zigbee wireless protocol and unencrypted video streams from Eufy security cameras being easily intercepted.

It is crucial for manufacturers to prioritize security measures in order to protect consumer privacy and data.

The post Smart Bulb Vulnerability Exposes Wi-Fi Password appeared first on satProviders.