My Tapo C200 camera was hacked last night, also my Tp-Link account

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

My Tapo C200 camera was hacked last night, also my Tp-Link account

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
My Tapo C200 camera was hacked last night, also my Tp-Link account
My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-04-03 08:26:53 - last edited 2022-05-18 02:58:23

My Tapo C200 camera was hacked last night, as well as my Tp-Link account which I use to log into the Tapo app on my Phone.

 

They accessed the Talk function on the camera placed in my living room and played a series of very loud screams and music, and then they said "we are sorry for disturbing you this late" (but that could have also been a recording). It was 2 AM.

 

I have 4 identical cameras linked to the same account, as far as I could tell this was the only one hacked. 

 

When I figured out what was happening, I opened the Tapo app on my iPhone and noticed I was logged out (never happened before). I reset the password, got back access to all the cameras and upgraded them all to the 1.1.16 firmware version (I couldn't find the option to automatically upgrade to new firmware versions, perhaps that should be implemented). 

 

I found a series of articles (cannot add the links unfortunately) that are describing in details how this can be achieved, but the vulnerability was supposed to have been fixed back in 2020. Also, this would mean the attacker would have also hacked my WiFi to be able to be on the same local network as the camera, which makes it a bit less random - they would have needed to be good at both hacking WiFis and Tapo devices. I didn't find any evidence that my WiFi had been hacked, but I did find an IP address that looked suspicious in the router's logs. 

 

So either the vulnerability is still there, in some shape or form, or it is a different type of vulnerability that is affecting more recent versions of the firmware. Or perhaps it was just the Tp-Link account information that was hacked, or the Tapo app I'm using, and not the camera itself. 

 

If this was related to the Tapo app or the Tp-Link account, I really hope all the logged-in devices are logged out after the account password is changed - otherwise the attackers might still have access to my account. According to this thread describing recent similar events that was closed, this may be the case still: https://community.tp-link.com/en/smart-home/forum/topic/239838 

 

I already sent all the details to Tp-Link Support and I am also writing to my ISP provider about this - mostly to mention that IP that I found. If it's kids playing around and just using tools found online, they might not be as good as hiding their tracks. 

 

I would appreciate any information or advice related to this event, I admit I am pretty much freaked out by what happened.

 

  12      
  12      
#1
Options
1 Accepted Solution
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account -Solution
2022-05-18 02:58:18 - last edited 2022-06-07 03:03:27

2022/06 Update

 

Tapo APP now supports two-step verification, it is recommended to enable 2FA in  tapo APP to add extra layer security for your account.

Introducing Two-Step Verification (2FA) for the Tapo App
 

Hello everyone,

We take the security feedback with high priority, if you found any abnormal situation with your account, here are some steps you should do to protect your account: 

1.  It is recommended to immediately change your account password and changing any other services that may use the same password.

 1) Create a Strong Password with a Mix of Numbers, Letters, Capitals

 2) Do not Reuse the same password across multiple platforms

 

2. Ensure firmware of your device is up-to-date; Confirm APP version is up-to-date 

From  Security Advisory board,  you could learn the latest information of remediation.

 

3. Enable Two-Step Verification for your Tapo APP 

Introducing Two-Step Verification (2FA) for the Tapo App

 

4. Double check if you have shared the account details with other people.

 

5. Reach our local support directly so they could look into the case directly (or report your feedback from APP Feedback entry) you may provide some case details below when reach support

1) the time and time zone when you notice something happened

2) TP-Link and MAC address of device 

3) Did you share the device, account, or camera account with someone else before? 

 

6. If you use other APP like Alexa/ Google and other apps, check if that has any schedule or automation settings that may cause the behavior of your smart device. 

Thank you. 

 

 

Recommended Solution
  0  
  0  
#6
Options
10 Reply
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-04-06 06:38:17 - last edited 2022-04-06 08:43:46

Hello   @Devkin2022 

It's a great step to reach our local support and check Security Advisory (at the bottom of tp-link website)  for any privacy and security related concerns, here you could reach our support team directly, so they could help look into the concern in the first time and provide assistance. 

Also, make sure you have used a strong password and do not reuse the same account and password on different platforms, which could be the reason that an account is compromised.   After the changing of password, the app requires to  logging in on all the mobile devices. 

To better assist with your case,I will create a support email for your case,  please check your email inbox for TKID220405657 

 

 

 

  0  
  0  
#2
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-04-06 09:17:02

Hi  @Solla-topee thank you so much for all the info and advice!

 

I did reach out to local support but they claimed no one has ever reported this issue .... which is clearly not true, as I found mentions on this very forum and there are many  articles online describing previous issues, that have been fixed in the meantime by Tp-Link. 

 

I also discovered by searching online the CVE-2021-4045 vulnerability that affects my camera model and the 1.1.15 firmware version, which the camera was running on before I upgraded to 1.1.16. It seems 1.1.16 should be safe, I asked my local support for confirm this but no reply. 

 

Anyway I'm really happy to know that changing the password logs out all accounts, it's a relief! 

 

And THANK YOU for creating the support case, I will send all the information via email.

 

Have an awesome day!

  3  
  3  
#3
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-05-18 01:09:42

Hi,

 

I just got the same problem today.

 

A loud noise of an animal at 11.35 PM and also a girl screaming and sxx noises.

 

Also they were able to move the camera around, before i disconnect it.

 

They also accessed my lights, changing the colour at a fast pace.

 

After changing the Password, everything stopped.

  2  
  2  
#4
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-05-18 02:44:09 - last edited 2022-05-18 06:06:46

  @JoaoR Thank you for the feedback, it's good to know you have changed the password in the first time, we'd recommend also ensure the device firmware & app version are both up to date. Here from  Security Advisory board you could find the latest information about remediation. We take security concern with high priority and would like to investigate further, to better assist your case, we created a support email TKID220518977 for your case, please check your email. 

 

  0  
  0  
#5
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account -Solution
2022-05-18 02:58:18 - last edited 2022-06-07 03:03:27

2022/06 Update

 

Tapo APP now supports two-step verification, it is recommended to enable 2FA in  tapo APP to add extra layer security for your account.

Introducing Two-Step Verification (2FA) for the Tapo App
 

Hello everyone,

We take the security feedback with high priority, if you found any abnormal situation with your account, here are some steps you should do to protect your account: 

1.  It is recommended to immediately change your account password and changing any other services that may use the same password.

 1) Create a Strong Password with a Mix of Numbers, Letters, Capitals

 2) Do not Reuse the same password across multiple platforms

 

2. Ensure firmware of your device is up-to-date; Confirm APP version is up-to-date 

From  Security Advisory board,  you could learn the latest information of remediation.

 

3. Enable Two-Step Verification for your Tapo APP 

Introducing Two-Step Verification (2FA) for the Tapo App

 

4. Double check if you have shared the account details with other people.

 

5. Reach our local support directly so they could look into the case directly (or report your feedback from APP Feedback entry) you may provide some case details below when reach support

1) the time and time zone when you notice something happened

2) TP-Link and MAC address of device 

3) Did you share the device, account, or camera account with someone else before? 

 

6. If you use other APP like Alexa/ Google and other apps, check if that has any schedule or automation settings that may cause the behavior of your smart device. 

Thank you. 

 

 

Recommended Solution
  0  
  0  
#6
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-05-18 05:02:58

  @Solla-topee 

Good morning. We were also hacked last night. C200 camera. Loud noises were heard. Firmware 1.1.16 build 211209 is installed and does not change the problem!! My password consists of 32 characters. It would be nice if you could also assign special characters in the password.

  4  
  4  
#7
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-05-18 06:05:56 - last edited 2022-05-18 06:06:39

Had our cameras hacked last night as well. Woke up at 2AM to a loud noise and unplugged all the cameras. Might need to get rid of the cameras...

  4  
  4  
#8
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-05-18 06:37:09

  @Devkin2022 

 

bonjour de france, idem caméras C200 hackée cette nuit, les 3, plus une lampe connectée.

d'abord une sirène d'alarme très forte histoire de bien nous réveiller, puis clignotement de la lampe, puis une voix féminine en anglais  qui dit " hello i'm here do you find me, don't be afraid" sur différentes caméras.

j'ai changé le mot de passe et retour à la normale ( l'ancien mot de passe marchait encore).

  0  
  0  
#9
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-06-22 19:17:46

Reading all of this is slightly terrifying. Maybe I should be returning these cameras

  14  
  14  
#10
Options
Re:My Tapo C200 camera was hacked last night, also my Tp-Link account
2022-09-26 15:39:27

  @Solla-topee 

I believe my camera was hacked today. 
I heard a click sound on my camera and saw it being controlled by someone. 
 

I didn't hear any noise like the others have experienced as they didn't see anyone (I was out of view). 
 

I have just changed my password and switched on 2nd verification code. 
 

I believe the software is up to date but will check this later. 

  4  
  4  
#11
Options