Security researchers asked consumers to stop using Belkin’s WeMo home automation products after finding various vulnerabilities in the items that attackers could use to gain access to home networks, thermostats, or other connected devices. The line of products enable individuals to use their IOS and Android smartphones and computers to remotely control items including light switches, Web cams, motion sensors, and other home appliances. They were found to be exposing the password and cryptographic signing key used to ensure that firmware updates are valid, stated IOActive, a security firm. The US Computer Emergency Response Team issued a vulnerability note with five identified issues in the products. Belkin, in an 18 February 2014 statement, says it has fixed the vulnerabilities, which include updates to the API server, firmware, and application that could have possibly allowed the devices to be attacked. (Ars Technica)(eWeek)(IO Active)(Belkin)
