are susceptible to security breaches. This was quite unnerving to me because I currently own the Belkin WeMo baby monitor, and I LOVE it, but the idea of someone hacking my baby monitor is just plain scary. The report states that their researchers tested the WeMo “Light Switch” firmware and subsequently, they uncovered a series of security issues with the device.
These security issues may allow:
- Remote control of attached devices over the internet – Meaning someone could remotely turn your lights on/off
- Malicious firmware updates – Malicious firmware could be installed on your devices as an automatic update, putting your network and others at risk for security issues.
- Remote monitoring – someone could be listening in on your device (i.e. my baby monitor) and on conversations in our home, since our monitor is always on.
- Home network access – allows access to any device that is connected to your network like your laptop, cell phone, etc.
According to the report, these devices require firmware images to be “signed with public key encryption to protect the device from unauthorized modifications.” The issue is that the signing keys and passwords are stored in the firmware that is currently on the devices, meaning the key that is supposed to stay secret is easily accessible and not very secure at all. This allows hackers to sign their own firmware with Belkin’s own signing key and password, tricking the device into thinking the firmware update is valid. Malicious firmware updates can easily be installed remotely without your knowledge.
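The flaw described above comes down to secret signing material shipping inside the firmware image, where a device should only ever hold the public half needed to verify updates. As an added example (not from the IOActive report or from Belkin), here is a release check a vendor could run over an image before publishing it; the function names and the sample image are constructed for illustration.

```python
import re

# Armor headers that mark secret key material (PEM and OpenPGP formats).
PRIVATE_MARKER = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY"
    rb"|PGP PRIVATE KEY BLOCK)-----"
)
# Public keys are expected on a device: it needs one to verify updates.
PUBLIC_MARKER = re.compile(
    rb"-----BEGIN ((?:RSA )?PUBLIC KEY|PGP PUBLIC KEY BLOCK)-----"
)


def scan_firmware(image: bytes) -> dict:
    """Return (offset, kind) for every key block found in a firmware image."""
    private = [(m.start(), m.group(1).decode()) for m in PRIVATE_MARKER.finditer(image)]
    public = [(m.start(), m.group(1).decode()) for m in PUBLIC_MARKER.finditer(image)]
    return {"private": private, "public": public}


def release_gate(image: bytes) -> bool:
    """True if the image may ship: it contains no private key material."""
    return not scan_firmware(image)["private"]


def constructed_image(include_signing_key: bool) -> bytes:
    """Build a fake firmware blob (constructed sample, not real firmware)."""
    parts = [
        b"\x00" * 64,
        b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-PLACEHOLDER\n"
        b"-----END PUBLIC KEY-----\n",
        b"\xff" * 32,
    ]
    if include_signing_key:
        parts.append(
            b"-----BEGIN PGP PRIVATE KEY BLOCK-----\nCONSTRUCTED-PLACEHOLDER\n"
            b"-----END PGP PRIVATE KEY BLOCK-----\n"
        )
    return b"".join(parts)


if __name__ == "__main__":
    for leaked in (False, True):
        image = constructed_image(leaked)
        print("ship" if release_gate(image) else "BLOCK", scan_firmware(image))
```

A check like this only catches keys stored in armored text form; keys in binary encodings or inside compressed filesystems need the image unpacked first.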
Mike Davis, IOActive’s principal research scientist, said “As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk. Another concern is that the WeMo devices use motion sensors, which can be used by an attacker to remotely monitor occupancy within the home.”
IOActive advised anyone who is currently using a WeMo device on their network to unplug it immediately and discontinue its use until Belkin patches the vulnerability.
Looks like I will be switching back to my old school baby monitor for now…
Do you currently use any Belkin WeMo devices in your home? How does this security breach make you feel?