Older Wemo smart plugs from Belkin have a vulnerability that allows them to be hacked, according to a blog post from security researchers at Sternum. The Wemo Mini Smart Plug
Older Wemo smart plugs from Belkin have a vulnerability that allows them to be hacked, according to a blog post from security researchers at Sternum. The Wemo Mini Smart Plug V2 (model F7C063) from 2019 is vulnerable to a buffer overflow attack that can be used execute commands remotely.


Basically, the Wemo Mini Smart Plug V2 has a 30 character name limit that can be overwritten, leading to an exploitable memory buffer error. Full details on how the exploit works are available from Sternum.

Belkin told Sternum that it has no plans to update the Wemo Mini Smart Plug V2 because it is at the end of its life after four years and has been replaced with newer models. That leaves many potential Belkin customers vulnerable, as there are likely many of these smart plugs being used in the wild.

Sternum recommends that people prevent the Wemo Mini Smart Plug V2 from accessing the internet and communicating with other devices like the iPhone because of the vulnerability, but the safest bet would be to remove the plugs and replace them with something more secure.
Tags: Belkin, Wemo

This article, "PSA: Older Wemo Smart Plugs Have Vulnerability That Leaves Them Open to Attack" first appeared on MacRumors.com

Discuss this article in our forums

original link


You may also be interested in this

Apple releases first deve…

Following the conclusion of the previous beta cycle, Apple has now made available the initial developer betas for iOS 16.6 and iPadOS 16.6.New betas for iOS and iPadOSDevelopers who are

Apple’s upcoming Personal…

Macworld With WWDC just weeks away, Apple on Tuesday offered a preview of a wide range of new accessibility software features for the iPhone, iPad, and Mac. The features, intended

The New iPhone Charger: U…

Apple has announced that the next iPhone will be equipped with a USB-C charging port. This is a major change, as Apple has used its proprietary Lightning connector on iPhones

iOS 16.5.1 and macOS 13.4…

Apple today released iOS 16.5.1, iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2 updates, with the software adding security improvements. If you haven't updated yet, you should as soon as you

Apple reportedly delays n…

According to a number of different reports over the last few months, the Apple Watch is expected to switch from OLED to micro-LED in the future. A new report from

See the Apple Intelligenc…

Apple today provided developers with the third beta of iOS 18.1, and it adds Clean Up, a new Apple Intelligence tool created for the Photos app. With Clean Up, you

Latest iOS 18 and tvOS 18…

With the third betas of iOS 18, iPadOS 18, and tvOS 18, Apple has added InSight to the Apple TV app. InSight was announced as a new addition in the

These Gestures Are How Yo…

Apple Vision Pro, Apple's new "spatial computing" device, does not have a hardware-based control mechanism. It relies on eye tracking and hand gestures to allow users to manipulate objects in
X

A whimsical homage to the days in black and white, celebrating the magic of Mac OS. Dress up your blog with retro, chunky-grade pixellated graphics to evoke some serious computer nostalgia. Supports a custom menu, custom header image, custom background, two footer widget areas, and a full-width page template. I updated Stuart Brown's 2011 masterpiece to meet the needs of the times, made it responsive , got dark mode, custom search widget and more.You can download it from tigaman.com, where you can also find more useful code snippets and plugins to get even more out of wordpress.