Jump to content


Password leak in WeMo devices makes home appliances susceptible to hijacks

  • Please log in to reply
No replies to this topic

#1 siljaline


    Security Consultant

  • Full Member
  • Pip
  • 42 posts

Posted 18 February 2014 - 05:13 PM

Security researchers have taken the unusual step of recommending that people stop using Belkin's WeMo home automation products after uncovering a variety of vulnerabilities that attackers can exploit to take control of home networks, thermostats, or other connected devices.

WeMo products allow people to use smartphones and computers to remotely control light switches, Web cams, motion sensors, and other home appliances. Now the items are exposing the password and cryptographic signing key used to ensure that firmware updates are valid, according to an advisory published Tuesday by researchers from security firm IOActive. Attackers can use the credentials to bypass WeMo security checks and sign malicious firmware that masquerades as an official release from Belkin.


Member of UNITE
Support SpywareInfo Forum - click the button