Earlier today security services company IOActive released a statement detailing potential vulnerabilities it had discovered in the popular Belkin Wemo range of remote or smart home switches. Belkin has this evening responded to the reports with news of updates and patches that fix what it describes as potential vulnerabilities.
iOActive’s claims are complex and rather technical, however any potential unauthorised control of the Wemo switches or more worrying the sensors or cameras should be of concern to owners and users.
The IOActive release said “Mike Davis, IOActive’s principal research scientist, uncovered multiple vulnerabilities in the WeMo product set that gives attackers the ability to:
Now personally, the worst thing that could happen to me is that some geek turns on my bedroom light while I’m sleeping, however with many people using the Belkin Wemo cameras and other sensors there is a justified concern for these remote systems.
Belkin today responded to several twitter conversations I was having with concerned users with a link to a statement outlining how the vulnerabilities had been fixed. That statement is here and I’ve reproduced it below. Belkin Wemo users should check this and ensure their app and device firmware is up to date.
1) An update to the WeMo API server on November 5, 2013 that prevents an XML injection attack from gaining access to other WeMo devices.
2) An update to the WeMo firmware, published on January 24, 2014, that adds SSL encryption and validation to the WeMo firmware distribution feed, eliminates storage of the signing key on the device, and password protects the serial port interface to prevent a malicious firmware attack
3) An update to the WeMo app for both iOS (published on January 24, 2014) and Android (published on February 10, 2014) that enables the most recent firmware update
Trev is a Technology Commentator, Dad, Speaker and Rev Head.
He produces and hosts several popular podcasts, EFTM, Two Blokes Talking Tech, Two Blokes Talking Electric Cars, The Best Movies You’ve Never Seen, and the Private Feed. He is the resident tech expert for Triple M on radio across Australia, and is the resident Tech Expert on Channel 9’s Today Show and appears regularly on 9 News, A Current Affair and Sky News Early Edition.
Father of three, he is often found in his Man Cave.
While we mostly know ASUS from their massively popular range of consumer, creator and budget…
Big news today when Fetch TV and Warner Bros. Discovery (WBD) announced an expansion of…
ASUS have unveiled their latest enterprise level laptop, announcing the ExpertBook Ultra at ASUS Next…
It's Dub Dub day, Apple's Worldwide Developer Conference has kicked off with the announcement keynote…
During their Xbox Showcase in the wee hours of yesterday morning, Microsoft announced a slew…
Asus has released a few generations and iterations of its Duo laptops, and now that…