The IoT Breaches Your Household Again

Davide Bonaventura, Sergio Esposito, Giampaolo Bella

2024

Abstract

Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. However, this paper challenges this misconception, uncovering how vulnerabilities in these seemingly innocuous devices can expose users to significant risks. This paper extends the findings outlined in previous work, introducing a novel attack scenario. This new attack allows malicious actors to obtain sensitive credentials, including the victim’s Tapo account email and password, as well as the SSID and password of her local network. Furthermore, we demonstrate how these findings can be replicated, either partially or fully, across other smart devices within the same IoT ecosystem, specifically those manufactured by Tp-Link. Our investigation focused on the Tp-Link Tapo range, encompassing smart bulbs (Tapo L530E, Tapo L510E V2, and Tapo L630), a smart plug (Tapo P100), and a smart camera (Tapo C200). Utilizing similar communication protocols, or slight variants thereof, we found that the Tapo L530E, Tapo L510E V2, and Tapo L630 are susceptible to complete exploitation of all attack scenarios, including the newly identified one. Conversely, the Tapo P100 and Tapo C200 exhibit vulnerabilities to only a subset of attack scenarios. In conclusion, by highlighting these vulnerabilities and their potential impact, we aim to raise awareness and encourage proactive steps towards mitigating security risks in smart device deployment.

Download


Paper Citation


in Harvard Style

Bonaventura D., Esposito S. and Bella G. (2024). The IoT Breaches Your Household Again. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 475-482. DOI: 10.5220/0012767700003767


in Bibtex Style

@conference{secrypt24,
author={Davide Bonaventura and Sergio Esposito and Giampaolo Bella},
title={The IoT Breaches Your Household Again},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={475-482},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012767700003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - The IoT Breaches Your Household Again
SN - 978-989-758-709-2
AU - Bonaventura D.
AU - Esposito S.
AU - Bella G.
PY - 2024
SP - 475
EP - 482
DO - 10.5220/0012767700003767
PB - SciTePress