Belkin Patches WeMo Home Automation Vulnerabilities

Belkin has an intriguing suite of WeMo-branded smart devices for home automation, including light switches, motion detectors, integration with appliances, and more. Security firm IOActive recently discovered multiple vulnerabilities in WeMo, and Belkin says it has now patched them.
 
Belkin’s statement on the subject reads in part:
Belkin has corrected the list of five potential vulnerabilities affecting the WeMo line of home automation solutions that was published in a CERT advisory on February 18. Belkin was in contact with the security researchers prior to the publication of the advisory, and, as of February 18, had already issued fixes for each of the noted potential vulnerabilities via in-app notifications and updates. 
 
The most recent firmware update resolves the issues, which included the ability for a hacker to snag cryptographic keys and passwords, the ability to hack one WeMo device from another, an XML injection vulnerability, and a lack of SSL integrity.

 
