Aug 21, 2018

Belkin-made smart plug could compromise entire networks

Kitchen appliances in a renovated house

Photo: John McDonnell/The Washington Post via Getty Images

A vulnerability in a Belkin-made smart electric plug (which can connect appliances to WiFi) could allow hackers to access an entire local network, according to McAfee’s Advanced Threat Research team.

The big picture: The Internet of Things can make some tasks more convenient — like turning on and off the lights without getting out of bed, or controlling kitchen appliances remotely. But the convenience can come at a price.

The details:

  • The product is Belkin's Wemo Insight Smart Plug.
  • The vulnerability allows attackers to execute remote code.
  • McAfee alerted Belkin of the vulnerability in May in compliance with its responsible disclosure policy.

Impact: If the plug is hacked and networked with other devices, hackers can break the network router's security and "create a backdoor channel for an attacker to connect remotely, unnoticed on the network," Doug McKee, a senior security researcher at McAfee, explained.

  • Example: If hackers targeted a Smart TV on the network, for instance, they could turn that TV on and off, and also install or uninstall applications or access online content, per McKee.

Update: A Wemo spokesperson told Axios the company has been working with McAfee to "address the exploit and plan to release firmware in the coming month."

Go deeper