Internet of Things Security Evaluation: Penetration Testing the TP Link Tapo P100 Mini Smart Wi-Fi Socket
Abstract
Over the last decade, the usage of Internet of Things (IoT) devices has increased dramatically. Most fast-growing technological solutions, prioritise solving business issues first, with security being an afterthought. Unfortunately, the IoT is following suit. The majority of IoT devices, software, and infrastructure, were designed without emphasizing security. They rely on low-cost sensors and actuators, which are likely to be vulnerable. These circumstances can put entire ecosystems at risk, allowing attackers to take control and carry out malicious operations. Thus, Security issues in IoT products and services continue to be a source of concern. Therefore, it is critical to evaluate the security of these devices and staying one step ahead of the attacker.
Due to the growing interest in IoT devices and the security concerns, we conducted a security evaluation of the TP-link Tapo p100 smart plug based on the PTES and OWASP frameworks. The vulnerability assessment was performed on the device, the communication channel, and the mobile application. The evaluation found that the Tapo P100 had security vulnerabilities that a determined attacker may exploit, producing serious consequences for the device's owner.