I've had one of my WeMo switches turn itself off when I didn't tell it to. I always wondered if someone was scanning the internet for them and found it; I updated the firewall to block outside access even though that probably also blocks me from using the app if I'm away from home.
I'm in the process of designing a home automation system for my own cabin and news like this is giving me gas. Granted, mine probably won't be nearly as sophisticated (heat, lights, coffee machine etc...), but surely, it can't be an impossible task to combine convenience and security.
well, if you were even considering WeMo in the first place (even well before this vuln) you were 'doing it wrong'. a server with wifi in EVERY node is not the way to go about adding home automation. these devices you have no control over and rely on 'the cloud' have no business on your LAN.
WeMo devices don't rely on 'the cloud' and you can control them with local URLs they broadcast over UPnP. Nothing has to leave your network, and there are open source libraries for integrating them into your own projects.
I find this to be completely expected. When Bluetooth LE can't even do a secure key exchange and the large majority of manufacturer supplied router firmwares having authentication vulnerabilities, trusting another device that you don't control the software of to get it right seems like a bad bet.
Easily missed here is that you have to regulate outbound traffic to resolve this, which breaks all remote features (IFTTT, etc).
My real worry here is that people are selling the devices short. "So what, someone can turn my lights off?". Each one of these devices can act as a WAP - they do so for the initial setup (you join the device's wap with your phone and initiate config from there). Each one of these devices has your network credentials - they have to, to join your LAN.
Being able to sign & push your own firmware updates makes this a troubling combination. It's well within each and every one of these "fire and forget" devices to sit there broadcasting your network credentials.
Asking the users to solve this is hugely ineffective. If you block outbound traffic, you don't receive firmware updates, and lose half the featureset. If you isolate them onto a 'guest lan' to prevent them having useful data to leak, then you lose the other half of the featureset.
The real failure here is bad key hygiene, a ball which is firmly in Belkin's court - and they're refusing to even acknowledge it as an issue.
7 comments
[ 2.4 ms ] story [ 29.7 ms ] threadMy real worry here is that people are selling the devices short. "So what, someone can turn my lights off?". Each one of these devices can act as a WAP - they do so for the initial setup (you join the device's wap with your phone and initiate config from there). Each one of these devices has your network credentials - they have to, to join your LAN.
Being able to sign & push your own firmware updates makes this a troubling combination. It's well within each and every one of these "fire and forget" devices to sit there broadcasting your network credentials.
Asking the users to solve this is hugely ineffective. If you block outbound traffic, you don't receive firmware updates, and lose half the featureset. If you isolate them onto a 'guest lan' to prevent them having useful data to leak, then you lose the other half of the featureset.
The real failure here is bad key hygiene, a ball which is firmly in Belkin's court - and they're refusing to even acknowledge it as an issue.