Skip to main content
  1. Home
  2. Smart Home
  3. News

Thousands of Belkin WeMo devices may be vulnerable to hackers: UPDATED

By
thousands belkin wemo devices may vulnerable hackers
Image used with permission by copyright holder

UPDATE: Belkin has now released a fix for the security issues mentioned below. To remedy the issue, Belkin urges WeMo users to download the latest app from the App Store (version 1.4.1) or Google Play Store (version 1.1.2) and then upgrade the firmware version through the app. Find more information here

According to a recently-released study from security research firm IOActive, nearly half a million Belkin WeMo devices may be vulnerable to attackers.

Recommended Videos

In a number of different experiments, the WeMo line – which includes things like remotely-controlled switches, plugs, and motion sensors for home automation – was shown to have a variety of different security flaws that give hackers the ability to:

  • Remotely control WeMo devices over the Internet
  • Perform malicious firmware updates
  • Remotely monitor devices
  • Access an internal home network

Obviously, this is bad news for Belkin, but it’s even worse news for anyone who currently has a WeMo device in their house. If these vulnerabilities are legitimate, it means that once attackers have compromised a device, they’re free to remotely turn WeMo-connected appliances on or off at will. Depending on the gear users have connected to their WeMos, this could lead to something as harmless as some wasted electricity, or as dangerous as a house fire. On top of that, WeMo motion sensors could be used to remotely monitor a house. This could make a home an easy target for tech-savvy burglars who can use a compromised WeMo to determine when people are in that house, and when they aren’t.

Additionally, once an attacker has established a connection to a WeMo device within a victim’s network, the compromised device can be used as a foothold to attack other devices on your home network – including things like laptops, mobile phones, network-attached storage, or home automation devices. 

Mike Davis, IOActive’s principal research scientist, had this to say about the findings: 

“As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk.”

We couldn’t agree more.

IOActive has reached out to Belkin for comments on the issue, but has yet to receive a response. For the time being, we recommend that you unplug any WeMo devices you may own and check back for updates.

We’ll keep you posted should any security patches be released.

[via Help Net Security]

Topics
Drew Prindle
Drew Prindle
Former Digital Trends Contributor
Drew Prindle is an award-winning writer, editor, and storyteller who currently serves as Senior Features Editor for Digital…
Hurry! The TP-Link Tapo MagCam is only $70 in this Cyber Week deal
The TP-Link Tapo MagCam C425 security camera on a white background.

You can never have too much home security. From security cameras to motion detectors and floodlights, there’s a way to keep tabs on just about every part of your home or business, both indoors and outdoors. A lot of this smart gear is getting a lot cheaper, too, though it’s always a good idea to stick with top-rated surveillance brands. Speaking of surveillance, a brand we like to recommend whenever we can is TP-Link, and we just came across a fantastic offer:

While this sale lasts, you’ll be able to purchase the TP-Link Tapo MagCam 2K Battery Outdoor Camera for only $70. At full price, this model sells for $120.

Read more
Want a cordless vacuum for under $100? This one’s just $65!
The PrettyCare W200 cordless vacuum on a white background.

If you're searching for the ultimate bargain from the available cordless vacuum deals, look no further than Walmart's offer for the PrettyCare W200. Originally sold at $400, you can get this cleaning machine for an unbelievably low price of only $65. That's $335 in savings! We're not sure how much time is remaining before this discount expires, so if you don't want to miss this opportunity, you're going to have to add this cordless vacuum to your cart and complete the checkout process immediately.

Why you should buy the PrettyCare W200 cordless vacuum
The PrettyCare W200 cordless vacuum offers two suction modes: it can run for about 20 minutes in the stronger power mode and for about 48 minutes in the normal power mode. It's capable of picking up different kinds of dirt, debris, and pet hair across all floor types, and it stores all of them in its 1.3-liter dust collection cup that's easy to empty once you're done. The cordless vacuum is also equipped with a stainless steel filter filtration system and a six-stage HEPA filtration system, so that it will capture pollutants and fine dust and only discharge clean air back into your home.

Read more
These Linkind smart bulbs are 37% off, and have one of the best apps I’ve used
Linkind A19 E26 color smart bulbs matter support -- smart bulb deal

I know some people think that a lot of smart home tech is frivolous, and some of it is, I'll agree, but there are certain things that make daily life a little better. For example, I have security cameras, a video doorbell, smart lights, a smart garage door, and all of these things make living in my home convenient. With my lights, for example, I can create on-off schedules and I don't have to get up to use them. After a long day, that's a welcome feature, believe me. It's especially helpful with Christmas lights and decorative lights -- like the ones I have set up to automatically turn on at sunset on my patio.

With a smart video doorbell, I can answer my door, converse with parcel delivery teams, and shoo off solicitors -- we get a lot of them where I live. But among all of those experiences and devices, one of my biggest qualms is with the apps you use to interact with this tech.

Read more