A hot topic in the Internet of Things (IoT) marketplace in the past year has been the security of these new home ecosystems, with many being concerned about hackers gaining access to their homes in ways unforeseen by IoT manufacturers.
Those fears, to an extent, have been found accurate. It was recently discovered that a vulnerability within the Android app of Belkin’s WeMo-branded IoT devices allowed hackers to gain access to phones connected to the devices. This included being able to take images from the phones and even track the phone’s movements, according to Motherboard.
The revelation comes from Scott Tenaglia and Joe Tanen, of Invincea Labs. The two security researchers discovered the security issue in the WeMo app, allowing them access to things they should not have had access to. For their part, Belkin notes the bug in the app was fixed in August, though the vulnerability in the WeMo devices still exists. Belkin says a manual update for the appliance is coming soon.
There is no need to rush and turn off all of your WeMo devices, but this is yet another reminder that security has been a bit lax for some IoT devices. The convenience of controlling everything in your home from the coffee maker to the heater with your phone is appealing but as has been demonstrated here, the security holes can leave you in a troublesome situation.
This particular issue seems to be resolved, with Belkin fixing the app exploit and updating the devices to close the security flaw. It also may have been a situation where someone was on the same network as all the devices too. But the fact remains, this will not be the last time we hear about IoT device security issues.