Attacking TP-Link Suite of IoT Devices (Plugs and Bulbs)

ABSTRACT

Internet of Things (IoT) devices are interconnected together by various network protocols, with each device performing its own functionality - which may encompass different supporting technologies - as part of an IoT ecosystem. The ease of IoT devices extending the functionalities of objects used daily in systems such as in homes and workplaces has spurred the popularity of IoT devices worldwide. However, as a newly-developed area, the security of IoT devices has yet to have been scrutinised sufficiently, and this leaves increasing numbers of whole IoT ecosystems vulnerable to attacks. In this paper, IoT products from TP-Link, a popular consumer Wi-Fi device producer, are examined closely for vulnerabilities and assessed for possible feasible improvements. In particular, a replacement encryption scheme is proposed and TPLink’s authentication mechanisms are relooked. Additionally, a proof of concept (POC) web interface is developed to showcase the experiment’s findings of controlling the IoT devices found on the same network.