Security researchers have taken the unusual step of recommending that people stop using Belkin's WeMo home automation products after uncovering a variety of vulnerabilities that attackers can exploit to take control of home networks, thermostats, or other connected devices.
WeMo products allow people to use smartphones and computers to remotely control light switches, Web cams, motion sensors, and other home appliances. Now the items are exposing the password and cryptographic signing key used to ensure that firmware updates are valid, according to an advisory published Tuesday by researchers from security firm IOActive. Attackers can use the credentials to bypass WeMo security checks and sign malicious firmware that masquerades as an official release from Belkin.
http://arstechnica.c...ble-to-hijacks/
Password leak in WeMo devices makes home appliances susceptible to hijacks
Started by
siljaline
, Feb 18 2014 05:13 PM
No replies to this topic
#1
siljaline
-
- Full Member
-
- 42 posts
Security Consultant
Posted 18 February 2014 - 05:13 PM
siljaline
MS MVP Alum . MVPS HOSTS . Rename Hosts . ESET for Business . 10 Immutable Laws of Security . System Lookup . ESET Threat Blog . MBAM
