Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. This paper challenges that misconception, uncovering how vulnerabilities in these seemingly innocuous devices can expose users to significant risks. It extends the findings outlined in previous work by introducing a novel attack scenario. This new attack allows malicious actors to obtain sensitive credentials, including the victim's Tapo account email and password, as well as the SSID and password of her local network. Furthermore, we demonstrate how these findings can be replicated, either partially or fully, across other smart devices within the same IoT ecosystem, specifically those manufactured by TP-Link. Our investigation focused on the TP-Link Tapo range, encompassing smart bulbs (Tapo L530E, Tapo L510E V2, and Tapo L630), a smart plug (Tapo P100), and a smart camera (Tapo C200). Because these devices use the same communication protocols, or slight variants of them, we found that the Tapo L530E, Tapo L510E V2, and Tapo L630 are susceptible to complete exploitation under all attack scenarios, including the newly identified one. Conversely, the Tapo P100 and Tapo C200 are vulnerable to only a subset of the attack scenarios. In conclusion, by highlighting these vulnerabilities and their potential impact, we aim to raise awareness and encourage proactive steps towards mitigating security risks in smart device deployments.