Security Resources

Home Automation Device Vulnerability

WeMoDetails are sketchy, but the video below purports to show a hacker gaining root access to a WeMo WiFi-controlled switch. The module is part of a family of basic home control products that enable control, triggering, and scheduling of connected devices. Since most applications involve lighting control and other relatively mundane things, the severity of such a vulnerability is low – but in cases where sensitive or potentially dangerous equipment are connected (e.g. computers, amplifiers, space heaters, motors), the risks are much greater. In the demonstration, the hacker causes the WeMo to cycle power to a lamp very rapidly – fine for a traditional light bulb, but potentially damaging to other types of equipment.

A key feature of the WeMo devices is the ability to control them via the Internet using a mobile app, so if the vulnerability can be exploited remotely (as has been reported), the problem is that much worse.