sb-eu logo
Story image

Belkin WeMo Insight smart plugs vulnerable to attack

29 Apr 2019

Cybersecurity firm McAfee is suggesting that the Belkin WeMo Insight smart plug could be vulnerable to malware attacks – and Belkin has taken a very long time to fix the problem.

Earlier this month, McAfee head of advanced threat research Steve Povolny came out swinging against Belkin. He claims that in May 2018 his team warned Belkin of a vulnerability (CVE-2019-6692) that could be exploited by an attacker to turn off the switch, overload it, or connect to the switch’s network to become an entry point to a larger attack.

Despite Belkin’s acknowledgement of the vulnerability, it seems the company never did anything about it. Instead, they apparently patched a vulnerability in an entirely different product that doesn’t appear to be on the market anymore.

Three months later McAfee publicly disclosed the vulnerability to raise awareness that there is a definite security issue with the WeMo Insight smart plug. Still, Belkin did nothing about it, according to Povolny.

“As of April 10th, 2019, we have heard of plans for a patch towards the end of the month and are standing by to confirm,” he writes in a blog – but there doesn’t seem to be any hard evidence or a release date yet.

So it has taken almost a year for Belkin to do something about it – all that time, the vulnerability has remained exploitable. Povolny also suspects that malware creators are exploiting the WeMo Insight vulnerability into IoT malware, because the devices are unpatched. The Bashlite malware is one such piece of malware that is already compromising IoT devices.

“As this vulnerability requires network access to exploit the device, we highly recommend users of IoT devices such as the WeMo Insight implement strong WIFI passwords, and further isolate IoT devices from critical devices using VLANs or network segmentation,” Povolny writes.

He also points out that IoT devices are prime targets for security issues, and companies like Belkin should be quick off the mark to fix issues, especially when attackers keep track of vulnerabilities that they can weaponise.

He adds that consumers should also apply basic security measures like keeping on top of product updates, using strong passwords, and keeping critical devices away from the IoT.

What’s more, those who use their work devices on home networks should also be concerned.

“Just because this is an IoT consumer device typically, does not mean corporate assets cannot be compromised.  Once a home network has been infiltrated, all devices on that same network should be considered at risk, including corporate laptops.  This is a common method for cyber criminals to cross the boundary between home and enterprise. “

Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Spending on managed security services in A/NZ to grow despite COVID headwinds
COVID-19 has changed security priorities significantly, and managed security services in A/NZ are set to benefit. More
Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More