Can TP-Link smart outlets/lightbulbs be hacked (turned into botnet) ?
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Can TP-Link smart outlets/lightbulbs be hacked (turned into botnet) ?
Model :
Hardware Version :
Firmware Version :
ISP :
I have several TP-Link switched and lightbulbs in my house. These are probably running a flavor of Busybox linux. The only way these can be hack proof is if everything is read-only. Is that the case? Or can these be turned into botnet?
The reason I ask is because I was reviewing my network logs and it looks like my router got too many port connections in the middle of the night for a stretch of about 6 hours when noting was on the network except TP-Link devices. kern.warn kernel: nf_conntrack: table full, dropping packet. My packet limit is set to 4096, which is 4 times larger than a typical router. And during normal operation with computers on the network my packet numbers fluctuate between 150 and 300. To reach 4096 it would have to be something like a botnet. Keep in mind UDP packets have a timeout of 2 minutes and TCP packets of 1 hour. The fact that this lasted 6 hours means it reached the limit at least 6 times.
So I am wondering if I need to take extra precautions isolating these TPlink devices or if someone from the engineering team can tell me for sure if these are hack proof (read only).
Devices in question are:
http://www.tp-link.com/us/products/details/HS100.html
http://www.tp-link.com/us/products/details/cat-5609_LB100.html
Hardware Version :
Firmware Version :
ISP :
I have several TP-Link switched and lightbulbs in my house. These are probably running a flavor of Busybox linux. The only way these can be hack proof is if everything is read-only. Is that the case? Or can these be turned into botnet?
The reason I ask is because I was reviewing my network logs and it looks like my router got too many port connections in the middle of the night for a stretch of about 6 hours when noting was on the network except TP-Link devices. kern.warn kernel: nf_conntrack: table full, dropping packet. My packet limit is set to 4096, which is 4 times larger than a typical router. And during normal operation with computers on the network my packet numbers fluctuate between 150 and 300. To reach 4096 it would have to be something like a botnet. Keep in mind UDP packets have a timeout of 2 minutes and TCP packets of 1 hour. The fact that this lasted 6 hours means it reached the limit at least 6 times.
So I am wondering if I need to take extra precautions isolating these TPlink devices or if someone from the engineering team can tell me for sure if these are hack proof (read only).
Devices in question are:
http://www.tp-link.com/us/products/details/HS100.html
http://www.tp-link.com/us/products/details/cat-5609_LB100.html