Sunday, July 23, 2017

CYBR650 Week 7

Of note this week, I took the plunge into IoT or better put, I got a little deeper.  I already had an Amazon Echo which for all the hype is more fun than useful.  So as an impulse buy during Amazon Prime Day, I purchased 2 TP-Link Smart Wi-Fi LED Bulb with Dimmable Light (LB100).

On the usability side, I was very surprised.  Before I used this device, I expected to be a blinding LED search light.  However, I found that it really puts light out like a 50W bulb!  They dim correctly and work very well with the Amazon Echo.

Now for the real test of how neat these devices are - I put them to the Kim Test (my wife).  As a reference, I told her I was going to purchase the devices.  This resulted in a passing eye roll which translates into "more computer toys/junk".  This became my baseline non-tech reference point.  For example, when I tried to show her what I had done with my Pine64 it took less than 5 minutes for her to roll her eyes and walk away.  However, after I showed her how the TP-Link devices worked with the Amazon Echo, I received a WOW followed by her running through the different modes.  Finally, days afterwards she is still using the devices.  I conclude that these are very cool devices, even for the non-tech person based on the positive results of the Kim Test.

Now, after the fun was over, the next issue needed to be addressed, are these IoT devices vulnerable. Of course the first thing to do is hit Google.  The best reference I found was: Reverse Engineering the TP-Link HS110.  This is a plug, but I suspect it is no different than the bulb.  Here is the Security Analysis Summary -

The Good:

  • Cloud functionality can be turned off
  • Cloud communication uses HTTPS and CA pinning
  • Stores energy monitoring data locally
  • Firmware update checks signature against RSA keys

The Bad:

  • Useless encryption for local communication
  • No authentication: Anybody on the local network can turn the Smart Plug on and off, reset it or render it inoperable
  • TLS cloud connection could be intercepted with any valid Symantec EV certificate (only Root CA is checked)
  • Phones home even if set up as local-only
  • Undocumented configuration and debug service (TDDP)

The article is a year old.  One of the pluses, in my opinion, is the firmware is updatable which means vulnerabilities found can be updated.  I did scan to find the ports mentioned in the article and found 80 but did not get anything back.  I am not totally at ease with these devices, but they seem to be as secure as most home devices.  I think keeping good boundary protection will keep me safe.

And hey, these devices paired with an Echo or Dot are cool!



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)