PSA: Older Wemo Smart Plugs Have Vulnerability That Leaves Them Open to Attack

Older Wemo smart plugs from Belkin have a vulnerability that allows them to be hacked, according to a blog post from security researchers at Sternum. The Wemo Mini Smart Plug V2 (model F7C063) from 2019 is vulnerable to a buffer overflow attack that can be used to execute commands remotely.

Basically, the Wemo Mini Smart Plug V2 has a 30-character name limit that can be exceeded, leading to an exploitable memory buffer error. Full details on how the exploit works are available from Sternum.
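The bug class described above, as an added example that is not from this article, Sternum's write-up or Belkin's firmware: a fixed-size name buffer filled without a device-side length check, next to a setter that enforces the 30-character limit itself. The struct layout, field names and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS 30              /* the limit the article mentions */

/* Hypothetical device state: a fixed name buffer with other data after it. */
struct plug_state {
    char name[NAME_MAX_CHARS + 1];     /* 30 characters plus NUL terminator */
    unsigned int relay_on;             /* adjacent field an overflow could clobber */
};

/* Unsafe pattern: assumes whoever sent the name already enforced the limit. */
void set_name_unchecked(struct plug_state *st, const char *requested)
{
    strcpy(st->name, requested);       /* no bound: longer input runs past name[] */
}

/* Hardened pattern: the device measures the input and rejects overlong names. */
int set_name_checked(struct plug_state *st, const char *requested)
{
    size_t len = 0;

    if (st == NULL || requested == NULL)
        return -1;
    /* Scan at most NAME_MAX_CHARS + 1 bytes so the check itself is bounded. */
    while (len <= NAME_MAX_CHARS && requested[len] != '\0')
        len++;
    if (len > NAME_MAX_CHARS)
        return -1;                     /* reject; existing name is left untouched */
    memcpy(st->name, requested, len);
    st->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct plug_state st = { "Plug", 1 };
    /* Constructed sample inputs: a normal name and one longer than 30 characters. */
    const char *ok = "Living room lamp";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("normal name -> %d\n", set_name_checked(&st, ok));
    printf("long name   -> %d\n", set_name_checked(&st, too_long));
    printf("stored name: %s, relay_on: %u\n", st.name, st.relay_on);
    return 0;
}
```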

Belkin told Sternum that it has no plans to update the Wemo Mini Smart Plug V2 because it is at the end of its life after four years and has been replaced with newer models. That leaves many potential Belkin customers vulnerable, as there are likely many of these smart plugs being used in the wild.

Sternum recommends that people prevent the Wemo Mini Smart Plug V2 from accessing the internet and communicating with other devices like the iPhone because of the vulnerability, but the safest bet would be to remove the plugs and replace them with something more secure.

Tags: Belkin, Wemo

Top Rated Comments

bottsjw
3 weeks ago
Yup. Belkin just lost my future business.
What a terrible policy/response.
Score: 67 Votes
BBCWatcher
3 weeks ago
If you bought this product the first day it was available it’s 4 years old. If you were an average buyer it’s about 3 years old. And now Belkin has declared it e-waste because it was defective from the start, and they can’t be bothered to fix it. Thanks to Belkin for helping to destroy the planet faster.☹️
Score: 46 Votes
mlrproducts
3 weeks ago
As someone affected, Belkin is off my list.

What a lazy response “it’s 4 years so we decided screw customers we can’t write software for something you paid for.”

Contributing to more unnecessary e-waste.

I’d happily go back to just using regular switches if, in exchange, all companies like this could just be out of business.
Score: 39 Votes
Nermal
3 weeks ago
As others have said, that's pretty pathetic. Normal switches easily last for decades, so "killing" one after just four years is incredible.
Score: 33 Votes
Rafterman
3 weeks ago
Yeah, they might switch your lamp on and off to annoy you :)
Score: 29 Votes