Your smart plug's connected to your idiotbox, the idiotbox is connected to your WiFi, the ...

Subject: General Tech | August 22, 2018 - 12:59 PM |
Tagged: iot, security

Belkin offers a smartplug called the Wemo Insight, which provides real-time energy usage stats, allows you to program your lights to turn on and off at various times and is a decent replacement for The Clapper; it is also a fairly serious security risk. The UPnP protocol it utilizes is vulnerable to a buffer overflow attack which could allow an attacker access to other devices connected to your WiFi network. The proof of concept provided by McAfee shows a successful attack on a Roku, initiated from the smartplug, as you can see over at El Reg.

Perhaps you should keep that old tech if you don't like touching light switches.

"The flaw, spotted in Belkin's Wemo Insight smartplugs, would potentially allow an attacker to not only manipulate the plug itself, but also allow hopping to other devices connected to the same Wi-Fi home network."

Source: The Register

August 22, 2018 | 01:30 PM - Posted by ColossalCollapse (not verified)

Headline: "IoT device found to be egregiously insecure"
Me thinking: Must be slow news season...

August 22, 2018 | 02:07 PM - Posted by Jeremy Hellstrom

It amused me more than the other links.

August 22, 2018 | 07:35 PM - Posted by TUsRumorsAbound (not verified)

Flesh eating STDs in the land of Blimey! that's a different sort of Clap. Better to keep ya wee Prince Albert sealed in his can, Governor.

August 22, 2018 | 04:23 PM - Posted by Esso (not verified)

The Wemo line also has a power plug 'coupler' that is handy for all the times your wife forgets whether she left her curling iron, straightener, etc. turned on. You can set up rules as timers or cyclical for things like x-mas lights. I've found some great uses for these, but being IoT, they share a different network that gets to access the Internet, but nothing else... because yeah, all this wonderful security consideration, or lack thereof from the vendor.

August 23, 2018 | 08:53 AM - Posted by Anonymously Anonymous (not verified)

or you could just slap her on the back of the head because she keeps leaving shit plugged in and NOT get those botnet devices.

August 23, 2018 | 04:43 PM - Posted by Anonymouses (not verified)

If you refuse to allow the app to automatically update the firmware on your device that fixes the vulnerability and don't password protect your wi-fi then you deserve to be hacked.

This is just another on-premises, pre-authorized vulnerability. Not something that can be done over the Internet or by your neighbors (unless you live next door to some Russian spies.) Let me in your home, give me your wi-fi password and I can do far worse than what this bug purports to do.
