Many consumers are hesitant to buy smart home devices because they are afraid that their thermostat or fluorescent lamps will be hacked. Their concerns have turned out to be justified: security researchers recently revealed several serious vulnerabilities in Belkin's WeMo smart home devices.
Seattle-based security company IOActive announced its findings yesterday (February 18). According to the IOActive statement, software vulnerabilities in WeMo devices may allow attackers to remotely control a device, install malicious firmware, monitor the running status of the target device, and even access the computer network the target device is connected to.
WeMo devices include light switches, motion detectors, and security cameras. At CES 2014, Belkin revealed that smart cooking appliances, smart bulbs, and even a DIY kit for making low-voltage devices smart will soon be added to its product line. It is easy to imagine malicious hackers taking advantage of these ordinary devices.
The vulnerability lies in WeMo's firmware upgrade process, which relies entirely on the smartphone application connected to the WeMo devices. It is commendable that Belkin encrypts every new firmware update, but the key for each update is already present in the system's existing firmware. In effect, this allows hackers to compromise the firmware before it is even released.
Belkin was also lax with its Secure Sockets Layer (SSL) network connections. When a WeMo device connects to Belkin's central server, the SSL certificate is not immediately validated. This allows anyone with an SSL certificate (which is easy to obtain) to push a fake firmware upgrade to unsuspecting users.
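The certificate check described above, as an added example (not Belkin's or IOActive's code): a TLS client context that skips certificate validation next to a hardened one, plus a small audit helper. All function names are hypothetical, and the update host is whatever the caller passes in.

```python
import socket
import ssl


def insecure_context():
    """Weak pattern: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be switched off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is never validated
    return ctx


def hardened_context(cafile=None):
    """Corrected pattern: validate the chain and the hostname.

    cafile may point at a vendor CA bundle (assumption); None uses system roots.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the certificate-validation gaps found in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def connect_for_update(host, ctx, port=443):
    """Open a TLS connection to an update server chosen by the caller.

    With hardened_context() the handshake raises
    ssl.SSLCertVerificationError for an untrusted or mismatched certificate,
    so no firmware is downloaded from an impostor.
    """
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

Certificate validation only protects the download channel; it does not address the separate problem of the update key being stored in the existing firmware.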
If you use WeMo devices, you do not need to unplug them and go live like a forest hermit just yet. Belkin responded quickly to IOActive's discoveries and announced later yesterday that it had fixed the vulnerabilities with the latest firmware update.
To make sure that your device is protected, open the iOS App Store or Google Play Store and check that your WeMo app is the latest version. The app can then transmit the latest firmware to the device.
Although WeMo's product line is secure now, the episode exposes an open secret of smart home technology: in general, smart home security protocols are something of a joke. ZigBee and Z-Wave, two of the most common smart home protocols, were both hacked a few months ago, but few companies are interested in fixing these problems.
Without secure smart home protocols, manufacturers rely on the traditional Wi-Fi architecture. The security of standard computer programs and mobile applications depends on how programmers design them. No program is immune to hacking, as WeMo shows.
Most insecure applications can reveal users' email addresses or even credit card numbers. An insecure smart home device could even set a house on fire! Of course, this is an extreme example. We hope that the smart home security problem will be effectively solved in the next few years.