Storming the Kasa? Security analysis of TP-Link Kasa smart home devices

dc.contributor.author Halterman, Andrew
dc.contributor.department Electrical and Computer Engineering
dc.contributor.majorProfessor Yong Guan
dc.date 2020-01-07T20:10:30.000
dc.date.accessioned 2020-06-30T01:34:41Z
dc.date.available 2020-06-30T01:34:41Z
dc.date.copyright Tue Jan 01 00:00:00 UTC 2019
dc.date.issued 2019-01-01
dc.description.abstract <p>Three low-cost, app-controlled smart home devices from Kasa Smart were analyze for any potential security issues. Documentation was created regarding the TP-Link Smart Home Protocol, a method of communication between the Kasa Smart appliances and the official Kasa Smart app. It was found that timer and burglar-deterrence functionality were supported by LB100 bulb firmware, but were not included in the app version tested. The Smart Home Protocol lacked command authentication, allowing local attackers to snoop, spoof, and spam commands. It was observed that the tested appliances would become temporarily unresponsive after receiving a Nmap “version detection” scan on Transmission Control Protocol (TCP) port 9999. Coarse-grain forensic data about an owner’s schedule and device usage were retrieved from the devices using the Smart Home Protocol commands. Additionally, two tested devices were found to contain a user’s latitude and longitude from when the devices were first deployed. Performing a reset on the device prevented user data from being accessed by queries using the TP-Link Smart Home Protocol.</p>
dc.format.mimetype PDF
dc.identifier archive/lib.dr.iastate.edu/creativecomponents/392/
dc.identifier.articleid 1424
dc.identifier.contextkey 15757521
dc.identifier.s3bucket isulib-bepress-aws-west
dc.identifier.submissionpath creativecomponents/392
dc.identifier.uri https://dr.lib.iastate.edu/handle/20.500.12876/16947
dc.source.bitstream archive/lib.dr.iastate.edu/creativecomponents/392/Halterman_cc_final_draft.pdf|||Fri Jan 14 23:55:42 UTC 2022
dc.subject.disciplines Other Computer Engineering
dc.subject.keywords Internet of Things
dc.subject.keywords IoT
dc.subject.keywords Smart Home
dc.title Storming the Kasa? Security analysis of TP-Link Kasa smart home devices
dc.type article
dc.type.genre creativecomponent
dspace.entity.type Publication
relation.isOrgUnitOfPublication a75a044c-d11e-44cd-af4f-dab1d83339ff
thesis.degree.discipline Information Assurance
thesis.degree.level creativecomponent
File
Original bundle
Now showing 1 - 1 of 1
Name:
Halterman_cc_final_draft.pdf
Size:
781.04 KB
Format:
Adobe Portable Document Format
Description: