Skip to main content

Thousands of Belkin WeMo devices may be vulnerable to hackers: UPDATED

UPDATE: Belkin has now released a fix for the security issues mentioned below. To remedy the issue, Belkin urges WeMo users to download the latest app from the App Store (version 1.4.1) or Google Play Store (version 1.1.2) and then upgrade the firmware version through the app. Find more information here

According to a recently-released study from security research firm IOActive, nearly half a million Belkin WeMo devices may be vulnerable to attackers.

Recommended Videos

In a number of different experiments, the WeMo line – which includes things like remotely-controlled switches, plugs, and motion sensors for home automation – was shown to have a variety of different security flaws that give hackers the ability to:

  • Remotely control WeMo devices over the Internet
  • Perform malicious firmware updates
  • Remotely monitor devices
  • Access an internal home network

Obviously, this is bad news for Belkin, but it’s even worse news for anyone who currently has a WeMo device in their house. If these vulnerabilities are legitimate, it means that once attackers have compromised a device, they’re free to remotely turn WeMo-connected appliances on or off at will. Depending on the gear users have connected to their WeMos, this could lead to something as harmless as some wasted electricity, or as dangerous as a house fire. On top of that, WeMo motion sensors could be used to remotely monitor a house. This could make a home an easy target for tech-savvy burglars who can use a compromised WeMo to determine when people are in that house, and when they aren’t.

Additionally, once an attacker has established a connection to a WeMo device within a victim’s network, the compromised device can be used as a foothold to attack other devices on your home network – including things like laptops, mobile phones, network-attached storage, or home automation devices. 

Mike Davis, IOActive’s principal research scientist, had this to say about the findings: 

“As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk.”

We couldn’t agree more.

IOActive has reached out to Belkin for comments on the issue, but has yet to receive a response. For the time being, we recommend that you unplug any WeMo devices you may own and check back for updates.

We’ll keep you posted should any security patches be released.

[via Help Net Security]

Drew Prindle
Former Senior Editor, Features
Drew Prindle is an award-winning writer, editor, and storyteller who currently serves as Senior Features Editor for Digital…
For peace of mind: Anker Solix portable power stations up to 46% off for Prime Day
The Anker SOLIX F3800 Plus Portable Power Station in the kitchen.

Amazon's Prime Day is a great time to look for portable power station deals, as these devices can get pretty expensive. They're a necessity for every home though, and if you don't have one yet, you should check out these two offers for Anker Solix portable power stations. The Anker Solix C1000, originally sold for $799, is down to $429 for a $370 discount, while the Anker Solix F3800 Plus, originally sold for $4,799, is down to $2,699 for a $2,100 discount. However, if you're interested in taking advantage of either of these bargains, we highly recommend moving fast because we're not sure if they'll remain on sale through to the end of the shopping event.

Anker Solix C1000 -- $429 $799 46% off

Read more
Aiper robotic pool cleaners and bundles on sale for Prime Day — up to $750 off
The Aiper Scuba X1 Pro Max cordless robotic pool cleaner at the side of a swimming pool.

Keeping your swimming pool clean is tough work, but you can say goodbye to manual cleaning by taking advantage of Aiper's discounts on its robotic pool cleaners for Prime Day. Up to $800 in savings are up for grabs, and you'll get an additional 5% off these lowered prices by using the code DGTRENDS5OFF during the checkout process. We're going to say it — these Prime Day deals on Aiper robotic pool cleaners are simply amazing.

These offers are scheduled to last until Prime Day ends, but you shouldn't wait until the final minutes of the shopping holiday before you finalize your purchase. That's because there's no assurance that these Aiper robotic pool cleaners and the bundles featuring them will still be available by then. If any of these bargains catch your eye, we highly recommend proceeding with your transaction immediately to make sure that you pocket the savings — just don't forget that checkout code for the extra 5% discount!

Read more
Tineco carpet cleaner at lowest-ever price for Prime Day — here’s how to save more
A man using the Tineco Carpet One Cruiser Smart Carpet Cleaner.

Not all vacuum deals will be able to provide in-depth cleaning for your carpet. You're going to need something more specialized, and we highly recommend the Tineco Carpet One Cruiser. From its original price of $699, it's available from Amazon's Prime Day for its lowest-ever price of $489, but you can get an additional 5% off with the checkout code TIN25PDPR. That means you'll only have to pay $465 for this smart carpet cleaner, for total savings of $234, but you'll need to act fast as we're not sure if the stocks that are up for sale will last until the final minutes of the shopping holiday.

BUY NOW

Read more