0 likes5 views

PSA: time to recycle your old Wemo smart plugs (if you haven’t already)

May 16, 2023

A Wemo Smart Plug Mini, front view — *The Wemo Smart Plug Mini V2’s security flaw will not be fixed.* | Photo by Amelia Holowaty Krales / The Verge

Security researchers at Sternum report they’ve found an exploitable vulnerability in the Wemo Smart Plug Mini V2 (via 9to5Mac). The plug debuted in 2019, offering cross-platform compatibility with Apple HomeKit, Google Assistant, and Alexa.

The bug would let a savvy hacker gain remote command of your Wemo plug by circumventing the Wemo app with a community-made Python app called PyWeMo. Once connected, an attacker can change the device name to something with more than 30 characters, resulting in a buffer overflow that allows the attacker to inject commands remotely.

When Sternum disclosed the vulnerability to Belkin, it was told that since the device was at the end of its life, it would not be receiving a fix. Sternum then reported the…

LATEST

Recent Posts

PSA: time to recycle your old Wemo smart plugs (if you haven’t already)

The Metal Gear Solid 3 remake will reuse the original game’s voice lines — with no changes

Twitter is adding crowdsourced fact checks to images

Smart door lock maker Level is bringing a new video doorbell to apartment dwellers

Overwatch 2 celebrates its first in-game Pride event

Rivian teases its next-generation R2 SUV that’s smaller than the R1S

The future of podcasts is getting written in print