I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.

Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.

Oh! Also, it’s been uploading and downloading 100+ MB of data a day.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      11 months ago

      I went to ask nicely for help from their support department and got a development build for one of their routers. Not only was it an ancient version of OpenWRT with the myriad of unpatched vulnerabilities, but it had absolutely dumb/weird configurations like the Wi-Fi password being a user account password exposed to a patched up SSH daemon with shell /bin/false. Just a whole lot of why and an obvious lack of care put into the software.

      Their devices function… Most of the time. That’s about all that’s redeeming.

    • Auzy@beehaw.org
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      This is a TPLink KASA plug. I wouldn’t touch their routers but their smart home equipment actually isn’t bad…