Storming the Kasa? Security analysis of TP-Link Kasa smart home devices

Date
2019-01-01
Authors
Halterman, Andrew
Major Professor
Yong Guan
Advisor
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
Altmetrics
Authors
Research Projects
Organizational Units
Journal Issue
Series
Department
Electrical and Computer Engineering
Abstract

Three low-cost, app-controlled smart home devices from Kasa Smart were analyze for any potential security issues. Documentation was created regarding the TP-Link Smart Home Protocol, a method of communication between the Kasa Smart appliances and the official Kasa Smart app. It was found that timer and burglar-deterrence functionality were supported by LB100 bulb firmware, but were not included in the app version tested. The Smart Home Protocol lacked command authentication, allowing local attackers to snoop, spoof, and spam commands. It was observed that the tested appliances would become temporarily unresponsive after receiving a Nmap “version detection” scan on Transmission Control Protocol (TCP) port 9999. Coarse-grain forensic data about an owner’s schedule and device usage were retrieved from the devices using the Smart Home Protocol commands. Additionally, two tested devices were found to contain a user’s latitude and longitude from when the devices were first deployed. Performing a reset on the device prevented user data from being accessed by queries using the TP-Link Smart Home Protocol.

Comments
Description
Keywords
Citation
DOI
Source