PSA: Older Wemo Smart Plugs Have Vulnerability That Leaves Them Open to Attack
Older Wemo smart plugs from Belkin have a vulnerability that allows them to be hacked, according to a blog post from security researchers at Sternum. The Wemo Mini Smart Plug V2 (model F7C063) from 2019 is vulnerable to a buffer overflow attack that can be used execute commands remotely.
Basically, the Wemo Mini Smart Plug V2 has a 30 character name limit that can be overwritten, leading to an exploitable memory buffer error. Full details on how the exploit works are available from Sternum.
Belkin told Sternum that it has no plans to update the Wemo Mini Smart Plug V2 because it is at the end of its life after four years and has been replaced with newer models. That leaves many potential Belkin customers vulnerable, as there are likely many of these smart plugs being used in the wild.
Sternum recommends that people prevent the Wemo Mini Smart Plug V2 from accessing the internet and communicating with other devices like the iPhone because of the vulnerability, but the safest bet would be to remove the plugs and replace them with something more secure.
Top Rated Comments
What a terrible policy/response.
What a lazy response “it’s 4 years so we decided screw customers we can’t write software for something you paid for.”
Contributing to more unnecessary e-waste.
I’d happily go back to just using regular switches if, in exchange, all companies like this could just be out out of business.