Security Vulnerability in Smart Electric Outlets
A security vulnerability in Belkin’s Wemo Insight “smartplugs” allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network.
From the Register:
The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances, many IoT devices have little in the way of built-in network security.
Even when security measures are added to the devices, the third-party hardware used to make the appliances “smart” can itself contain security flaws or bad configurations that leave the device vulnerable.
“IoT devices are frequently overlooked from a security perspective; this may be because many are used for seemingly innocuous purposes such as simple home automation,” the McAfee researchers wrote.
“However, these devices run operating systems and require just as much protection as desktop computers.”
I’ll bet you anything that the plug cannot be patched, and that the vulnerability will remain until people throw them away.
Boing Boing post. McAfee’s original security bulletin.
mrmcd • September 12, 2018 6:51 AM
Embarrassed to say I actually have one of these plugs, and they do get firmware patches on a fairly regular basis (now I know why). It’s not an obvious process though: You have to open the app, accept a pop-up dialog that only appears once a day, and then wait ~5 minutes while the plug power cycles several times. Anything connected to the plug effectively can’t be used while it’s patching.