Storming the Kasa? Security analysis of TP-Link Kasa smart home devices
| dc.contributor.author | Halterman, Andrew | |
| dc.contributor.department | Department of Electrical and Computer Engineering | |
| dc.contributor.majorProfessor | Yong Guan | |
| dc.date | 2020-01-07T20:10:30.000 | |
| dc.date.accessioned | 2020-06-30T01:34:41Z | |
| dc.date.available | 2020-06-30T01:34:41Z | |
| dc.date.copyright | Tue Jan 01 00:00:00 UTC 2019 | |
| dc.date.issued | 2019-01-01 | |
| dc.description.abstract | <p>Three low-cost, app-controlled smart home devices from Kasa Smart were analyze for any potential security issues. Documentation was created regarding the TP-Link Smart Home Protocol, a method of communication between the Kasa Smart appliances and the official Kasa Smart app. It was found that timer and burglar-deterrence functionality were supported by LB100 bulb firmware, but were not included in the app version tested. The Smart Home Protocol lacked command authentication, allowing local attackers to snoop, spoof, and spam commands. It was observed that the tested appliances would become temporarily unresponsive after receiving a Nmap “version detection” scan on Transmission Control Protocol (TCP) port 9999. Coarse-grain forensic data about an owner’s schedule and device usage were retrieved from the devices using the Smart Home Protocol commands. Additionally, two tested devices were found to contain a user’s latitude and longitude from when the devices were first deployed. Performing a reset on the device prevented user data from being accessed by queries using the TP-Link Smart Home Protocol.</p> | |
| dc.format.mimetype | ||
| dc.identifier | archive/lib.dr.iastate.edu/creativecomponents/392/ | |
| dc.identifier.articleid | 1424 | |
| dc.identifier.contextkey | 15757521 | |
| dc.identifier.doi | https://doi.org/10.31274/cc-20240624-1335 | |
| dc.identifier.s3bucket | isulib-bepress-aws-west | |
| dc.identifier.submissionpath | creativecomponents/392 | |
| dc.identifier.uri | https://dr.lib.iastate.edu/handle/20.500.12876/16947 | |
| dc.source.bitstream | archive/lib.dr.iastate.edu/creativecomponents/392/Halterman_cc_final_draft.pdf|||Fri Jan 14 23:55:42 UTC 2022 | |
| dc.subject.disciplines | Other Computer Engineering | |
| dc.subject.keywords | Internet of Things | |
| dc.subject.keywords | IoT | |
| dc.subject.keywords | Smart Home | |
| dc.title | Storming the Kasa? Security analysis of TP-Link Kasa smart home devices | |
| dc.type | creative component | |
| dc.type.genre | creative component | |
| dspace.entity.type | Publication | |
| relation.isOrgUnitOfPublication | a75a044c-d11e-44cd-af4f-dab1d83339ff | |
| thesis.degree.discipline | Information Assurance | |
| thesis.degree.level | creativecomponent |
File
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- Halterman_cc_final_draft.pdf
- Size:
- 781.04 KB
- Format:
- Adobe Portable Document Format
- Description: