Belkin WeMo home automation products open to hackers, security researchers say don’t use them

Feb 19, 2014
0
Belkin WeMo home automation products open to hackers, security researchers say don’t use them

Belkin has a number of home automation products in its WeMo line. The Belkin WeMo LED lighting products were launched in January. Belkin also offers a WeMo light switch along with a number of other products for home automation. Those products have some serious security issues according to researchers.

Researchers for security firm IOActive have suggested that people stop using the products in the Belkin WeMo range. According to the researchers, the home automation products are susceptible to a number of vulnerabilities that hackers could exploit to take control of home networks and other devices.

The WeMo products use a smartphone and computer to control cameras, motion sensors, home appliances, light switches and more. The researchers say that attackers can gain access to the password and cryptographic signing key used by the WeMo products to ensure that their firmware updates are valid.

Attackers can then use those stolen credentials to apply a malicious firmware that the WeMo hardware will accept as official. The researchers have also found that firmware updates delivered to the Belkin devices from the smartphone or computers paired to the system use an unencrypted channel. The researchers were able to push firmware to the WeMo devices using these attacks that infected the devices with malware that allowed them to send commands to connected appliances. As of now, the researchers say that Belkin has offered no fixes for any of the products.

SOURCE: ArsTechnica


Must Read Bits & Bytes