I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.
Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.
Oh! Also, it’s been uploading and downloading 100+ MB of data a day.
I have no idea of all the details, but in legal terms this is called “res ipsa loquitur” – in this case, the fact that it clearly seems compromised is pretty solid evidence that it wasn’t immune to compromise.
Expected since TP-Link stopped updating them shortly after release.