More than 500,000 home automation devices have vulnerabilities that would allow attackers to remotely take control of thermostats, lighting, sprinkler systems, and more.
Smart home networks are rapidly gaining popularity, but some security experts worry that not enough encryption controls are coming with the products. Security firm IOActive released an advisory (PDF) saying more than half a million Belkin WeMo devices are susceptible to widespread hacks. The firm uncovered several vulnerabilities in these devices, which would let hackers gain access to home networks and remotely control Internet-connected appliances.
The hacks could range from a mean-spirited prank to posing an actual danger. For example, they could be as benign as turning someone's house lights on and off or as dangerous as getting a fire started.
Many of Belkin's WeMo home automation products let users build their own smart home solutions by adding Internet connectivity to any device, like sprinkler systems, thermostats, and antennas. Once connected, users can control their appliances with a smartphone from anywhere in the world.
However, hackers could also get into these networks, warns IOActive. The vulnerabilities found by the firm would let hackers remotely control and monitor home networks, perform malicious firmware updates, and gain access to other devices, like laptops and smartphones.
According to IOActive, the vulnerabilities would let hackers impersonate Belkin's encryption keys and cloud services to "push malicious firmware updates and capture credentials at the same time."
As long as Belkin doesn't patch these vulnerabilities, IOActive recommends that users refrain from using the WeMo devices. The firm has worked with the US government's Community Emergency Response Team (CERT) on these recommendations, and CERT issued its own advisory on Tuesday.
The company said that users with the most recent firmware release (version 3949) are not at risk of hacks, but those users on older releases should download the latest app from Apple's App Store or Google Play Store and upgrade their firmware.