[HH] Multiple vulnerabilities found in Belkin WeMo home automation modules

Tom Metro tmetro+hhacking at gmail.com
Wed Feb 19 03:56:54 EST 2014


And this is why you don't want proprietary, closed-source, Internet
connected home automation gear...

 -Tom

http://www.tweaktown.com/news/35526/multiple-vulnerabilities-found-in-belkin-wemo-home-automation-modules/index.html

Mike Davis, who is a principal research scientist at IOActive, found that
Belkin WeMo home automation modules have multiple vulnerabilities which
could endanger the homes of half a million users.

According to the report, the vulnerabilities found in Belkin WeMo
devices can potentially cause threats to users' houses, from anything as
serious as opening doors to wasting electricity.

The attackers can do the following via Belkin WeMo devices:

- Remotely control WeMo Home Automation attached devices over the
  Internet
- Perform malicious firmware updates
- Remotely monitor the devices (in some cases)
- Access an internal home network.

It was found that Belkin WeMo firmware images use public key encryption
to protect against unauthorized modifications, but the sign in
credentials are leaked via the firmware that's installed on the devices.
Once the hackers get hold of these credentials, they can use their
firmware to bypass security checks during the devices' firmware update
process.

[...]

Davis said, "As we connect our homes to the Internet, it is increasingly
important for Internet-of-Things device vendors to ensure that
reasonable security methodologies are adopted early in product
development cycles. ..."

[...]



