Belkin-made smart plug could compromise entire networks
A vulnerability in a Belkin-made smart electric plug (which can connect appliances to WiFi) could allow hackers to access an entire local network, according to McAfee’s Advanced Threat Research team.
The big picture: The Internet of Things can make some tasks more convenient — like turning on and off the lights without getting out of bed, or controlling kitchen appliances remotely. But the convenience can come at a price.
- The product is Belkin's Wemo Insight Smart Plug.
- The vulnerability allows attackers to execute remote code.
- McAfee alerted Belkin of the vulnerability in May in compliance with its responsible disclosure policy.
Impact: If the plug is hacked and networked with other devices, hackers can break the network router's security and "create a backdoor channel for an attacker to connect remotely, unnoticed on the network," Doug McKee, a senior security researcher at McAfee, explained.
- Example: If hackers targeted a Smart TV on the network, for instance, they could turn that TV on and off, and also install or uninstall applications or access online content, per McKee.
Update: A Wemo spokesperson told Axios the company has been working with McAfee to "address the exploit and plan to release firmware in the coming month."