Degree Type
Creative Component
Semester of Graduation
Fall 2019
Department
Electrical and Computer Engineering
First Major Professor
Yong Guan
Degree(s)
Master of Science (MS)
Major(s)
Information Assurance
Abstract
Three low-cost, app-controlled smart home devices from Kasa Smart were analyze for any potential security issues. Documentation was created regarding the TP-Link Smart Home Protocol, a method of communication between the Kasa Smart appliances and the official Kasa Smart app. It was found that timer and burglar-deterrence functionality were supported by LB100 bulb firmware, but were not included in the app version tested. The Smart Home Protocol lacked command authentication, allowing local attackers to snoop, spoof, and spam commands. It was observed that the tested appliances would become temporarily unresponsive after receiving a Nmap “version detection” scan on Transmission Control Protocol (TCP) port 9999. Coarse-grain forensic data about an owner’s schedule and device usage were retrieved from the devices using the Smart Home Protocol commands. Additionally, two tested devices were found to contain a user’s latitude and longitude from when the devices were first deployed. Performing a reset on the device prevented user data from being accessed by queries using the TP-Link Smart Home Protocol.
Copyright Owner
Halterman, Andrew
Copyright Year
2019
File Format
Recommended Citation
Halterman, Andrew, "Storming the Kasa? Security analysis of TP-Link Kasa smart home devices" (2019). Creative Components. 392.
https://lib.dr.iastate.edu/creativecomponents/392