Thousands of Belkin WeMo devices may be vulnerable to hackers: UPDATED

thousands belkin wemo devices may vulnerable hackers

UPDATE: Belkin has now released a fix for the security issues mentioned below. To remedy the issue, Belkin urges WeMo users to download the latest app from the App Store (version 1.4.1) or Google Play Store (version 1.1.2) and then upgrade the firmware version through the app. Find more information here

According to a recently-released study from security research firm IOActive, nearly half a million Belkin WeMo devices may be vulnerable to attackers.

In a number of different experiments, the WeMo line – which includes things like remotely-controlled switches, plugs, and motion sensors for home automation – was shown to have a variety of different security flaws that give hackers the ability to:

  • Remotely control WeMo devices over the Internet
  • Perform malicious firmware updates
  • Remotely monitor devices
  • Access an internal home network

Obviously, this is bad news for Belkin, but it’s even worse news for anyone who currently has a WeMo device in their house. If these vulnerabilities are legitimate, it means that once attackers have compromised a device, they’re free to remotely turn WeMo-connected appliances on or off at will. Depending on the gear users have connected to their WeMos, this could lead to something as harmless as some wasted electricity, or as dangerous as a house fire. On top of that, WeMo motion sensors could be used to remotely monitor a house. This could make a home an easy target for tech-savvy burglars who can use a compromised WeMo to determine when people are in that house, and when they aren’t.

Additionally, once an attacker has established a connection to a WeMo device within a victim’s network, the compromised device can be used as a foothold to attack other devices on your home network – including things like laptops, mobile phones, network-attached storage, or home automation devices. 

Mike Davis, IOActive’s principal research scientist, had this to say about the findings: 

“As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk.”

We couldn’t agree more.

IOActive has reached out to Belkin for comments on the issue, but has yet to receive a response. For the time being, we recommend that you unplug any WeMo devices you may own and check back for updates.

We’ll keep you posted should any security patches be released.

[via Help Net Security]

Product Review

Bigger. Smarter. Louder. The Echo Plus makes Alexa sound better than ever

Amazon’s second-generation Echo Plus speaker is the loudest, bassiest speaker in the Echo fleet. While featuring a smart hub with only Zigbee connectivity, other upgrades make this device a worthy smart speaker.
Smart Home

How to create spooky Halloween effects with smart home lighting and sound

This Halloween, bathe your home with eerie smart home lighting and audio effects guaranteed to spook your neighbors. Use colored light and eerie sounds to create eerie Halloween effects.
Deals

How to create a smart living room for under $250

By being shrewd about which brands and products you invest in, you can quickly and easily turn your house into a home that's “smart,” and that's true even if you’re starting from scratch.
Product Review

The Kasa Cam Outdoor delivers smart security monitoring at a great price

While it may lack the sexier features of Nest Cam IQ Outdoor, the weatherproof TP-Link Kasa Cam makes home security easy, with full-HD video streaming at a great price
Smart Home

May the force cook with you: New slow cooker sports Star Wars figures

We can't say it will make your pot roast tastier, but Uncanny Brands' $50 Star Wars Slow Cooker, decorated with cartoon figures of Luke, Leia, Darth Vader, and other characters, might make cooking it more fun.
Smart Home

Gas dryers vs. electric dryers: Knowing the difference could save you some dough

Whether you buy an electric dryer or a gas dryer may depend solely on your setup, unless you want to spend money to get a gas hookup for your home. But if you have a choice, there are some differences to take into account.
Smart Home

Is your smart home lighting too confusing? Intellect simplifies your controls

Leviton introduced Intellect, a new controls platform for smart home lighting. Intellect is the fifth brand to join Leviton's portfolio, alongside ConTech, Intense, Birchwood, and JCC.
Smart Home

These awesome treehouses will make you question life on solid ground

Check out these truly awesome treehouses from around the world. From a three-story treehouse in the Costa Rican jungle to a mirrored cube hidden among the trees of Sweden, we’ve got you covered.
Smart Home

Nest gets more colorful with three new options for its smart thermostat

Nest Parent company Alphabet announced this week that its Nest Learning Thermostat will soon be made available in three new, fancier colors: Mirror black, brass, and polished steel.
Smart Home

Publish a new Alexa skill this month and Amazon will give you an Echo Dot

Amazon' Alexa group announced a promotion encouraging new developers to publish a new Alexa skill in any country First-time developers who publish a new an Alexa skill prior to midnight October 31, 2018, will get a free Echo Dot.
Smart Home

August Smart Lock satin nickel model comes bundled with Wi-Fi Connect bridge

The August Smart Lock--one of our favorite smart locks--is now available in a satin nickel finish. August is selling the new model in a $220 bundle with the Wi-Fi bridge needed for remote access and voice command features.
Smart Home

LG’s Colosseo smart sofa is the comfiest piece of tech in your home

LG has partnered with Italian furniture brand Natuzzi to produce the Colosseo, a connected sofa with five custom scenarios to provide maximum comfort for watching TV, reading, or just relaxing.
Smart Home

Simplisafe steps outside the smart home with its Video Doorbell Pro

SimpiSafe is pushing into the smart home market by introducing a new high-tech video doorbell that includes 1080p HD monitoring and a dual-sensor motion trigger that combines a body heat detector and a motion detector.
Smart Home

Facebook’s new Portal device can collect your data to target your ads

Facebook confirmed that its new Portal smart displays, designed to enable Messenger-enabled video calls, technically have the capability to gather data on users via the camera and mic onboard.