Tapo L430C - Candle Smart Light Bulb - Bluetooth Local Control
The Tapo L430C Candle Smart Light Bulb has a feature called 'Bluetooth Local Control.'
This allows control of the smart bulb easily through Bluetooth, without having it join a WiFi network, it creates an open Bluetooth LE connection to each bulb.
However:
- This connection is not just for onboarding, but remains open permanently, even when connected to WiFi.
- This open connection is not documented, and as such it is not possible to determine the security risk.
- The bulb is sold in a 'twin pack' and is likely to be used in multiples e.g. 8 bulbs = 8 open Bluetooth connections visible to anyone in range.
The feature request is to allow the ability to turn off Bluetooth entirely after successful connection to WiFi.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The Bluetooth connection (control method) for the light bulb is securely encrypted. To discover the light bulb's Bluetooth and connect for control, you must use the Tapo App and log in with a TP-Link account that is linked to this light bulb or has been shared access to the device.
- Copy Link
- Report Inappropriate Content
Thank you for your reply. Whilst I agree that to connect to the bulb, "you must use the Tapo App and log in with a TP-Link account that is linked to this light bulb or has been shared access to the device", I am not sure if that is true for 'discovering' the bulb.
All bulbs were visible when searching for Bluetooth connections, and the Bluetooth name easily identified they were Tapo devices.
I still believe that for privacy reasons, there should be the ability to turn off the Bluetooth.
- Copy Link
- Report Inappropriate Content
Checked with the R&D team, the Bluetooth is indeed broadcast (although it wasn't like that the last time i checked on my device, which now shows.). However, I would like to emphasize that this Bluetooth control method is highly secure. As previously mentioned, it employs strong encryption and requires a TP-Link account that is either linked to the bulb or has shared access permissions. You’ll need to log into the Tapo App to connect to the Bluetooth and control the device successfully. Moreover, the Bluetooth broadcast does not transmit any sensitive information, so there’s no need to worry about data exposure.
To give a better understanding of your request, could you share what drew you to this particular model? For example, the shape? The local Bluetooth control feature is one of its key highlights, and without it, it’s quite similar to other bulb options.
- Copy Link
- Report Inappropriate Content
To give a better understanding of your request, could you share what drew you to this particular model? For example, the shape?
I needed an E14 Candle bulb.
The local Bluetooth control feature is one of its key highlights, and without it, it’s quite similar to other bulb options.
I disagree that it is a key highlight. Do you know how many people have bought this bulb specifically for this feature? Is it possible they bought it purely for the form factor as I did?
I have four wall lights, each with 2 bulbs - 8 bulbs in total. The bulbs are grouped and controlled as a set.
The Bluetooth local control is pointless in this scenario - it will never be used - each bulb has to be controlled individually. I ended up with eight visible and totally unnecessary blue connections in my lounge that cannot be turned off.
The connections identify the make and model of the bulb to my neighbours and anyone else in Bluetooth range. Whilst I agree that (at present) it employs strong encryption, advertising exactly what tech is in use in the property is not a good idea from a security perspective. The Bluetooth cannot be turned off or even renamed.
I have now returned all eight bulbs and received a full refund.
Please do not add Bluetooth Local Control to other bulbs/devices without the option to disable it.
Bluetooth security best practice is not to leave devices discoverable, particularly when they are not paired/connected.
Many Thanks...
- Copy Link
- Report Inappropriate Content
We appreciate your feedback. This has been recorded and will be forwarded to the relevant teams for review.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 231
Replies: 5
Voters 1
