Did You Know These Lightbulbs Can Steal Your WiFi?

In case you read that headline twice – you’re not alone. You did not read incorrectly. A particular type of smart light bulb has been found to allow hackers to steal your WiFi password.

Recently, researchers have discovered four significant vulnerabilities in the top-selling TP-Link Tapo L530 smart bulbs.

This blog will uncover why this is possible with smart bulbs, whether smart bulbs are safe to use, and recommended actions to protect yourself – and your business – if you use them.

Are Smart Bulbs Safe to Use? 

Yes…and no. While it is true that because smart bulbs are connected to your home WiFi network, hackers can use them to infiltrate your network and steal personal information.

However, they are no less safe than any other smart device in your home that is connected to your WiFi network. 

A recent study revealed significant security holes in many popular smart-light brands, including TP-Link. While all smart devices pose a security risk, smart bulbs can be even more dangerous if plugged into a greater smart home hub. 

Flaws in Smart Bulbs

Four critical vulnerabilities were uncovered in the TP-Link smart bulbs. 

1. Improper authentication–this allows attackers to impersonate the device during the session key exchange step. This allows a remote attacker to steal Tapo user passwords and then move to manipulate the device.
2. Hackers can decompile the Tapo app.
3. There is a lack of randomness during symmetric encryption. 
4. There is a lack of checks for the validity of received messages. Session keys stay valid for 24 hours, allowing attackers to replay messages during that time.

How to Safely Use Smart Bulbs

With the technological advancement of smart bulbs and whole-home systems, the security vulnerabilities surrounding these devices are a serious concern. Still, they don’t have to deter technology-savvy users completely. There are ways to make use of smart bulbs safer.

1. Choose a strong device password. And not just for your smart bulbs – for any smart devices in your home.
2. Connect your smart bulbs to a smart home hub. Why? Because then your smart bulbs communicate directly with the home hub rather than your Wi-Fi network, which lowers the hacker vulnerability of your home.

If you have questions about smart devices for personal or business use, we can help. PK Tech is an obvious advocate of technology use but within safe parameters. As new technologies like smart bulbs are introduced, it is vital to make sure you understand the security ramifications. Get in touch with our team here with questions.