RED Alert! Belkin Wemo smart plug v2 epic fail

Big time bad news for Belkin Wemo smart plug owners!

Belkin Wemo smart plugs have a major security flaw.

If you own one of these devices, you need to take immediate action to limit the security exposure or throw it in the garbage.

According to 9to5Mac, a major security problem has been found with the Belkin Wemo Mini Smart Plug V2 that allows remote command execution.

That is bad, really bad. A hacker can remotely access the Wemo smart plug and plant arbitrary software in its firmware, commanding it to do things it was never intended to do.

This hack can be done remotely from anywhere in the world. Hence the nefarious exploit is a “remote command execution” attack.

There is no update or fix for this security threat.

What you need to do immediately to fix your Belkin Wemo smart plug

If you own this device and are worried, which you should be, you have two options:

Disable Universal Plug and Play (UPnP), or

Throw away (recycle) the Wemo Mini Smart Plug V2

Belkin, at this time, has stated they will not be issuing a firmware update to fix the problem, and they will not be offering any other solution.

If you want to keep using the Belkin Wemo smart plug

Determine the technical changes your local home network needs to disable the UPnP feature.

Depending upon the network equipment you are using and your ability to delve into the details, this might be easy, difficult, or impossible.

Be aware that some devices prefer UPnP to be enabled, so if you disable it, you will have to manually configure these devices to keep them working.

Several years ago, I published an article, The Road to Hell is Paved with Good Intentions, explaining everything about UPnP.

Never buy anything from Belkin

I have had mixed experiences with Belkin products for years.

This terrible response from Belkin demands only one action – a complete boycott of all Belkin products.

Don’t get me wrong, I’m not punishing Belkin for having a security problem with one of their products.

I am taking this position because of their totally unacceptable response.

Bugs and flaws happen. Companies need to own them and take responsibility.

There are many better ways for Belkin to handle this situation:

They could issue a recall and refund the purchase price to every consumer.

They could send a replacement for every device they have sold. (Belkin makes newer versions that do not have this problem).

They could engineer a firmware fix and send it out electronically.

There may be other options, but choosing one of these would be a good start and other companies have done this previously.

The fact that Belkin is choosing profits (or maybe reducing their losses) by not offering their customers any option makes it clear they don’t value their customers and are not concerned about the security risk.

They do not deserve your dollars.

Robert

Automation technologist and problem solver
