loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Davide Bonaventura 1 ; Sergio Esposito 2 and Giampaolo Bella 1

Affiliations: 1 Dipartimento di Matematica e Informatica, Università di Catania, Catania, Italy ; 2 Information Security Group, Royal Holloway, University of London, Egham, U.K.

Keyword(s): IoT, Smart Homes, Smart Devices, Smart Bulb, Penetration Test, Vulnerability Assessment.

Abstract: The IoT is getting more and more pervasive. Even the simplest devices, such as a light bulb or an electrical plug, are made “smart” and controllable by our smartphone. This paper describes the findings obtained by applying the PETIoT kill chain to conduct a Vulnerability Assessment and Penetration Testing session on a smart bulb, the Tapo L530E by Tp-Link, currently best seller on Amazon Italy. We found that four vulnerabilities affect the bulb, two of High severity and two of Medium severity according to the CVSS v3.1 scoring system. In short, authentication is not well accounted for and confidentiality is insufficiently achieved by the implemented cryptographic measures. In consequence, an attacker who is nearby the bulb can operate at will not just the bulb but all devices of the Tapo family that the user may have on her Tapo account. Moreover, the attacker can learn the victim’s Wi-Fi password, thereby escalating his malicious potential considerably. The paper terminates with an outline of possible fixes. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.144.103.20

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Bonaventura, D.; Esposito, S. and Bella, G. (2023). Smart Bulbs Can Be Hacked to Hack into Your Household. In Proceedings of the 20th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-666-8; ISSN 2184-7711, SciTePress, pages 218-229. DOI: 10.5220/0012092900003555

@conference{secrypt23,
author={Davide Bonaventura. and Sergio Esposito. and Giampaolo Bella.},
title={Smart Bulbs Can Be Hacked to Hack into Your Household},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - SECRYPT},
year={2023},
pages={218-229},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012092900003555},
isbn={978-989-758-666-8},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - SECRYPT
TI - Smart Bulbs Can Be Hacked to Hack into Your Household
SN - 978-989-758-666-8
IS - 2184-7711
AU - Bonaventura, D.
AU - Esposito, S.
AU - Bella, G.
PY - 2023
SP - 218
EP - 229
DO - 10.5220/0012092900003555
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic