And this is why you don't want proprietary, closed-source, Internet connected home automation gear...
-Tom http://www.tweaktown.com/news/35526/multiple-vulnerabilities-found-in-belkin-wemo-home-automation-modules/index.html Mike Davis who is a principal research scientist in IOActive found that Belkin WeMo home automation modules have multiple vulnerabilities which could endanger homes of half million users. According to the report, the vulnerabilities found in Belkin WeMo devices can potentially cause threats to users' house from anything as serious as opening doors to wasting electricity. The attackers can do to following via Belkin WeMo devices: -Remotely control WeMo Home Automation attached devices over the Internet -Perform malicious firmware updates -Remotely monitor the devices (in some cases) -Access an internal home network. It was found that Belkin WeMo firmware images uses public key encryption to protect against unauthorized modifications, but the sign in credentials are leaked via the firmware that's installed on the devices. Once the hackers get hold of these credentials, they can use their firmware to bypass security checks during the devices' firmware update process. [...] Davis said, "As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. ..." [...] _______________________________________________ Hardwarehacking mailing list [email protected] http://lists.blu.org/mailman/listinfo/hardwarehacking
