Belkin Patches WeMo Home Automation Vulnerabilities
Belkin’s statement on the subject reads in part:
Belkin has corrected the list of five potential vulnerabilities affecting the WeMo line of home automation solutions that was published in a CERT advisory on February 18. Belkin was in contact with the security researchers prior to the publication of the advisory, and, as of February 18, had already issued fixes for each of the noted potential vulnerabilities via in-app notifications and updates.
The most recent firmware update resolves the issues, which included the ability for a hacker to snag cryptographic keys and passwords, the ability to hack one WeMo device from another, an XML injection vulnerability, and a lack of SSL integrity.
Although nobody is clapping Belkin on the back here--the company was at fault for building products with those vulnerabilities after all--it is commendable that the company fixed the problems relatively quickly. Too many smart devices in the IoT ecosystem have little to no protection, so in that sense, Belkin is ahead of the curve.
However, we’ll be hearing about a deluge of hacks and vulnerabilities pertaining to smart devices in the coming years as the Internet of Things rapidly expands.