I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.

Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.

Oh! Also, it’s been uploading and downloading 100+ MB of data a day.

  • mozz@mbin.grits.dev
    link
    fedilink
    arrow-up
    27
    arrow-down
    2
    ·
    11 months ago

    You’re the one that connected an impossible-to-security-update device to the internet. You can do plenty of home automation without it needing to be that way, if you’re open to a little more setup being involved in the process.

    • errorlab@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      4
      ·
      11 months ago

      It’s on it’s own VLAN from the beginning. Wanted to poke around but never got to it.

      I still have it connected, want to use for practice.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        edit-2
        11 months ago

        Good on you. I use the poor man’s VLAN–guest Wi-Fi network to isolate my IoT devices.

        • errorlab@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          11 months ago

          Will do. It’s part of a long list.

          Don’t know my ADHD will hyper focus on it tho haha

      • mozz@mbin.grits.dev
        link
        fedilink
        arrow-up
        3
        arrow-down
        4
        ·
        11 months ago

        I have no idea of all the details, but in legal terms this is called “res ipsa loquitur” – in this case, the fact that it clearly seems compromised is pretty solid evidence that it wasn’t immune to compromise.

        • errorlab@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          11 months ago

          Expected since TP-Link stopped updating them shortly after release.