Oops: Security Holes In Belkin Home Automation Gear
chicksdaddy writes "The Security Ledger reports that the security firm IOActive has discovered serious security holes in the WeMo home automation technology from Belkin. The vulnerabilities could allow remote attackers to use Belkin's WeMo devices to virtually vandalize connected homes, or as a stepping stone to other computers connected on a home network. IOActive researcher Mike Davis said on Tuesday that his research into Belkin's WeMo technology found the 'devices expose users to several potentially costly threats, from home fires with possible tragic consequences down to the simple waste of electricity.' IOActive provided information on Davis's research to the US Computer Emergency Readiness Team (CERT), which issued an advisory on the WeMo issues on Tuesday. There has been no response yet from Belkin."
Predictable .... (Score:5, Interesting)
As soon as you start having something poking holes through your firewall to allow inbound traffic, this is pretty much a predictable outcome.
The internet of things, smart home monitoring, and thermostats you can adjust from the web ... all of these are things which are going to cause security problems, because most companies doing these kinds of things seem to completely ignore security, or when they try, still do a piss poor job.
I view the whole thing as a big "what did you expect?".
Re:Belkin Gear (Score:4, Interesting)
Maybe their hardware is crap because they're more about abusing their customers [slashdot.org] than providing quality products.
Surprised? (Score:2, Interesting)
The hidden danger of the IoT... (Score:4, Interesting)
Here's an example... Walk around your house and figure out the age of all of your appliances. You probably have a few items (e.g. refrigerator) that are pushing 20 years old??? Now, imagine you buy a few shiny new IoT appliances & they're all connected to the Internet--15+ years from now. Seriously, this is a disaster waiting to happen & a hacker's wet dream... Imagine what support will exist 15 years from now for current versions of Android 4.x, Linux 3.x, Apache, PHP, MySQL, etc. Or better yet, what 1999-era software still receives even security patches or bug fixes? (Win9x--nope. Linux 2.2--nope. IIS4--nope. W2K--nope. SQL Server 7--nope... You get my point...)
Ultimately, with the IoT, we're trusting that companies will be willing to support their products, including OS kernel patching on FOSS platforms that were long-abandoned by their progenitors, 25-odd years??? Dream on... I don't intend to replace my fridge or washer in a few years because it got "bricked" because of a security hole the manufacturer chose to ignore...
Belkin's problems are only the beginning...
temporary fix (Score:3, Interesting)