When the article first came out on February 18th, researchers warned that an astounding amount of home automation devices, more than 500,000, have vulnerabilities that would allow hackers to take control of various items in your home from thermostats to sprinkler systems, and more. A security firm IOActive released the advisory. What the WeMo devices do is allow homeowners to control different items in their home while they are away by adding internet connectivity and their Smartphone.
Hackers would have the ability to either simply turn on and off your lights or as dangerous as starting a fire. In addition hackers would also be able to get into the homeowner’s networks; giving them access to their computers and even their smart phones. When IOActive put out the advisory to all WeMo users, they instructed them to discontinue using the product.
Belkin did come up with patches for the 5 vulnerabilities using firmware updates which included the following:
- Update to the WeMo API server on November 5th that prevents an XML injection attack for gaining access to other WeMo devices
- A WeMo firmware update that was published on Jan 24th that adds SSL encryption and validation to the WeMo firmware distribution feed, eliminates storage of the signing key on the device, and password protects the serial port interface to prevent a malicious firmware attack.
- An update to the WeMo app for both iOS and Android that contains the most recent firmware update.
We are becoming such a technologically needed society where even when we are not home to have control over it, it is the growing more important for the companies that come up with these products to ensure the security of their consumers to reduce these types of risks from happening.