My Tapo C200 camera was hacked last night, also my TP-Link account
My Tapo C200 camera was hacked last night, as well as my TP-Link account, which I use to log into the Tapo app on my phone.
They accessed the Talk function on the camera placed in my living room and played a series of very loud screams and music, and then they said "we are sorry for disturbing you this late" (but that could have also been a recording). It was 2 AM.
I have 4 identical cameras linked to the same account; as far as I could tell, this was the only one hacked.
When I figured out what was happening, I opened the Tapo app on my iPhone and noticed I was logged out (never happened before). I reset the password, got back access to all the cameras and upgraded them all to the 1.1.16 firmware version (I couldn't find the option to automatically upgrade to new firmware versions; perhaps that should be implemented).
I found a series of articles (cannot add the links unfortunately) that describe in detail how this can be achieved, but the vulnerability was supposed to have been fixed back in 2020. Also, this would mean the attacker would have also hacked my WiFi to be able to be on the same local network as the camera, which makes it a bit less random - they would have needed to be good at both hacking WiFis and Tapo devices. I didn't find any evidence that my WiFi had been hacked, but I did find an IP address that looked suspicious in the router's logs.
So either the vulnerability is still there, in some shape or form, or it is a different type of vulnerability that is affecting more recent versions of the firmware. Or perhaps it was just the TP-Link account information that was hacked, or the Tapo app I'm using, and not the camera itself.
If this was related to the Tapo app or the TP-Link account, I really hope all the logged-in devices are logged out after the account password is changed - otherwise the attackers might still have access to my account. According to this thread describing recent similar events that was closed, this may be the case still: https://community.tp-link.com/en/smart-home/forum/topic/239838
I already sent all the details to TP-Link Support and I am also writing to my ISP provider about this - mostly to mention that IP that I found. If it's kids playing around and just using tools found online, they might not be as good at hiding their tracks.
I would appreciate any information or advice related to this event; I admit I am pretty much freaked out by what happened.