CES 2021: confira os produtos mais interessantes do evento olhardigital.com.br - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from olhardigital.com.br Daily Mail and Mail on Sunday newspapers.
by Lubomir Stroetmann, Consultant and Tobias Esser, Consultant
The
TP-Link HS110 Wi-Fi is a cloud-enabled power plug that can be turned on and off remotely via app and offers energy monitoring and scheduling capabilities. As part of ongoing research into Internet of Things security, we performed a security analysis by reverse engineering the device firmware and Android app, sniffing app-to-device and device-to-app communications and fuzzing the proprietary protocols being used.
While cloud communication was found to be reasonably secure for an IoT device, we discovered two insecure proprietary local configuration protocols: A human-readable JSON protocol “encrypted” with an easily reversible autokey XOR cipher and a binary DES-encrypted configuration and debugging protocol (