NCC Group

Preface Half way through 2020, UK independent consumer champion Which? magazine reached out to us and asked if we could assist investigating the security of a series of domestic IoT devices and to perform a vulnerability assessment of each device. The assessments included smart plugs and smart/connected doorbells. We also…

Preface During the Covid-19 pandemic, the battle to secure and protect businesses as well as consumers changed from the office environment to our homes, but this did not stop us from working on research projects aimed at contributing to the creation of a safer online world. Working from home, this…

Vendor: TP-Link Vendor URL: https://www.tp-link.com/uk/ Versions affected: 1.7.0 Systems Affected: Tapo C200 Author: Dale Pavey Risk: High Summary: The device is vulnerable to the heartbleed vulnerability and a Pass-the-Hash attack. Impact: Successfully exploiting the Heartbleed vulnerability leads to the device being remotely taken over using the memory-leaked user hash and…