A 4SquareMedia Website


Belkin WeMo Automation Devices Vulnerable Claims Security Company

By David Richards | Wednesday | 19/02/2014

A security specialist claims to have uncovered multiple vulnerabilities in the new Belkin WeMo Home Automation device that could affect over half a million users, including hundreds in Australia.

IOActive claims that a password leak allows others to remotely control WeMo devices, perform malicious firmware updates, and access an internal home network.

The Belkin WeMo firmware images that are used to update the devices are signed with public key encryption to protect against unauthorised modifications. However, the signing key and password are leaked in the firmware that is already installed on the devices. This allows attackers to use the same signing key and password to sign their own malicious firmware and bypass security checks during the firmware update process.
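As an added example (not from the article, IOActive or Belkin), here is a pre-release check a vendor's build pipeline could run to catch the failure described above, where signing secrets ship inside the firmware image. The marker patterns, function names and sample images are assumptions constructed here; the article does not say which key format WeMo uses.

```python
import re

# Armor headers that mark private key material (PEM and ASCII-armored OpenPGP).
PRIVATE_KEY_MARKERS = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY"
    rb"|PGP PRIVATE KEY BLOCK)-----"
)
# Hypothetical heuristic: assignments that look like a hard-coded passphrase.
PASSPHRASE_HINT = re.compile(rb"(?i)(passphrase|passwd|password)\s*[=:]\s*(\S+)")


def scan_image(blob: bytes) -> list[dict]:
    """Return one finding per private-key header or passphrase-like string."""
    findings = []
    for m in PRIVATE_KEY_MARKERS.finditer(blob):
        findings.append({"offset": m.start(), "kind": "private-key",
                         "detail": m.group(1).decode()})
    for m in PASSPHRASE_HINT.finditer(blob):
        # Report the variable name only; never echo the secret into CI logs.
        findings.append({"offset": m.start(), "kind": "passphrase",
                         "detail": m.group(1).decode()})
    return sorted(findings, key=lambda f: f["offset"])


def release_gate(blob: bytes) -> bool:
    """True when the image is safe to publish (no signing secrets inside)."""
    return not scan_image(blob)


# Constructed sample images (not real firmware): filler bytes around text files.
LEAKY_IMAGE = (
    b"\x00" * 64
    + b"#!/bin/sh\nPASSPHRASE=example-not-a-real-secret\n"
    + b"\xff" * 32
    + b"-----BEGIN PGP PRIVATE KEY BLOCK-----\nCONSTRUCTED\n"
    + b"-----END PGP PRIVATE KEY BLOCK-----\n"
)
CLEAN_IMAGE = (
    b"\x00" * 64
    + b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nCONSTRUCTED\n"
    + b"-----END PGP PUBLIC KEY BLOCK-----\n"
)

if __name__ == "__main__":
    for name, img in (("leaky", LEAKY_IMAGE), ("clean", CLEAN_IMAGE)):
        print(name, "publishable:", release_gate(img), scan_image(img))
```

A device only needs the public half of the signing key to verify updates, so any private-key or passphrase finding in a shipped image should block the release.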

Belkin says it is aware of the research company's findings, but at this stage no fix is available.

The research company said that Belkin WeMo devices do not validate Secure Sockets Layer (SSL) certificates, so they cannot verify that they are communicating with Belkin's cloud service, including the firmware update RSS feed. This allows attackers to use any SSL certificate to impersonate Belkin's cloud services, push malicious firmware updates and capture credentials at the same time. Due to the cloud integration, the firmware update is pushed to the victim's home regardless of which paired device receives the update notification or its physical location.

The Internet communication infrastructure used to communicate with Belkin WeMo devices is based on an abused protocol that was designed for use by Voice over Internet Protocol (VoIP) services to bypass firewall or NAT restrictions. It does this in a way that compromises the security of all WeMo devices by creating a virtual WeMo 'darknet' where all WeMo devices can be connected to directly. The Belkin WeMo server application programming interface (API) was also found to be vulnerable to an XML inclusion vulnerability, which would allow attackers to compromise all WeMo devices.

Given the number of WeMo devices in use, it is likely that many of the attached appliances and devices will be unattended, thus increasing the threat posed by these vulnerabilities. Additionally, once an attacker has established a connection to a WeMo device within a victim's network, the device can be used as a foothold to attack other devices such as laptops, mobile phones, and attached network file storage.
