Belkin offers a smartplug called the Wemo Insight which provides real-time energy usage stats, allows you to program your lights to turn on and off at various times, and is a decent replacement for The Clapper; it is also a fairly serious security risk. The UPnP protocol it utilizes is vulnerable to a buffer overflow attack which could allow an attacker access to other devices connected to your WiFi network. The proof of concept provided by McAfee shows a successful attack on a Roku, initiated from the smartplug, as you can see over at El Reg.
Perhaps you should keep that old tech if you don't like touching light switches.
"The flaw, spotted in Belkin's Wemo Insight smartplugs, would potentially allow an attacker to not only manipulate the plug itself, but also allow hopping to other devices connected to the same Wi-Fi home network."
Here is some more Tech News from around the web:
- Chrome 69 is Coming: Not Just a New Look But Flash's Life is About To Get Even Harder @ Slashdot
- Fire chief says Verizon throttled department's data in the middle of massive Cali wildfires @ The Register
- Qualcomm starts sampling 7nm mobile processor with 5G support @ The Inquirer
- TSMC 7nm, 5nm to enjoy strong demand for AI chips @ DigiTimes
Headline: “IoT device found to be egregiously insecure”
Me thinking: Must be slow news season…
It amused me more than the other links.
Flesh eating STDs in the land of Blimey! that’s a different sort of Clap. Better to keep ya wee Prince Albert sealed in his can, Governor.
The Wemo line also has a power plug ‘coupler’ that is handy for all the times your wife forgets whether she left her curling iron, straightener, etc. turned on. You can set up rules as timers or cyclical for things like x-mas lights. I’ve found some great uses for these, but being IoT, they share a different network that gets to access the Internet, but nothing else… because yeah, all this wonderful security consideration, or lack thereof, from the vendor.
or you could just slap her on the back of the head because she keeps leaving shit plugged in and NOT get those botnet devices.
If you refuse to allow the app to automatically update the firmware on your device that fixes the vulnerability and don’t password protect your wi-fi then you deserve to be hacked.
This is just another on-premises, pre-authorized vulnerability. Not something that can be done over the Internet or by your neighbors (unless you live next door to some Russian spies.) Let me in your home, give me your wi-fi password and I can do far worse than what this bug purports to do.