I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.

Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.

Oh! Also, it’s been uploading and downloading 100+ MB of data a day.

  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    10 months ago

    I went to ask nicely for help from their support department and got a development build for one of their routers. Not only was it an ancient version of OpenWRT with the myriad of unpatched vulnerabilities, but it had absolutely dumb/weird configurations like the Wi-Fi password being a user account password exposed to a patched up SSH daemon with shell /bin/false. Just a whole lot of why and an obvious lack of care put into the software.

    Their devices function… Most of the time. That’s about all that’s redeeming.