Storming the Kasa? Security analysis of TP-Link Kasa smart home devices

Date
2019-01-01
Authors
Halterman, Andrew
Major Professor
Yong Guan
Organizational Unit
Electrical and Computer Engineering

The Department of Electrical and Computer Engineering (ECpE) contains two focuses. The focus on Electrical Engineering teaches students in the fields of control systems, electromagnetics and non-destructive evaluation, microelectronics, electric power & energy systems, and the like. The Computer Engineering focus teaches in the fields of software systems, embedded systems, networking, information security, computer architecture, etc.

History
The Department of Electrical Engineering was formed in 1909 from the division of the Department of Physics and Electrical Engineering. In 1985 its name changed to Department of Electrical Engineering and Computer Engineering. In 1995 it became the Department of Electrical and Computer Engineering.

Dates of Existence
1909-present

Historical Names

  • Department of Electrical Engineering (1909-1985)
  • Department of Electrical Engineering and Computer Engineering (1985-1995)

Abstract

Three low-cost, app-controlled smart home devices from Kasa Smart were analyzed for potential security issues. Documentation was created regarding the TP-Link Smart Home Protocol, a method of communication between the Kasa Smart appliances and the official Kasa Smart app. It was found that timer and burglar-deterrence functionality were supported by LB100 bulb firmware, but were not included in the app version tested. The Smart Home Protocol lacked command authentication, allowing local attackers to snoop, spoof, and spam commands. It was observed that the tested appliances would become temporarily unresponsive after receiving an Nmap “version detection” scan on Transmission Control Protocol (TCP) port 9999. Coarse-grained forensic data about an owner’s schedule and device usage were retrieved from the devices using the Smart Home Protocol commands. Additionally, two tested devices were found to contain a user’s latitude and longitude from when the devices were first deployed. Performing a reset on the device prevented user data from being accessed by queries using the TP-Link Smart Home Protocol.

Copyright
Tue Jan 01 00:00:00 UTC 2019