Wanted to spy on my dog, ended up spying on TP-Link
53 points by wezm
53 points by wezm
So, I actually have a bunch of TP-Link devices. (They’re really cheap!)
I noticed the smart plugs have exactly the same setup described with the cameras - the local device password is the same as the cloud password. You can see this easily using the python-kasa package, which is a reverse-engineered implementation of the TP-Link protocol. I was smart enough to figure out the cloud and local passwords must be synced somehow, but it didn’t occur to me that the onboarding app would do the syncing. I just assumed the cloud must push down the password regularly.
I guess if you change your cloud password, it never pushes down to the device? Or the app has to update it?