Aug 21, 2018

Belkin-made smart plug could compromise entire networks

Photo: John McDonnell/The Washington Post via Getty Images

A vulnerability in a Belkin-made smart electric plug (which can connect appliances to WiFi) could allow hackers to access an entire local network, according to McAfee’s Advanced Threat Research team.

The big picture: The Internet of Things can make some tasks more convenient — like turning on and off the lights without getting out of bed, or controlling kitchen appliances remotely. But the convenience can come at a price.

The details:

  • The product is Belkin's Wemo Insight Smart Plug.
  • The vulnerability allows attackers to execute remote code.
  • McAfee alerted Belkin of the vulnerability in May in compliance with its responsible disclosure policy.

Impact: If the plug is hacked and networked with other devices, hackers can break the network router's security and "create a backdoor channel for an attacker to connect remotely, unnoticed on the network," Doug McKee, a senior security researcher at McAfee, explained.

  • Example: If hackers targeted a Smart TV on the network, for instance, they could turn that TV on and off, and also install or uninstall applications or access online content, per McKee.

Update: A Wemo spokesperson told Axios the company has been working with McAfee to "address the exploit and plan to release firmware in the coming month."

Go deeper

Cruise ship evacuations: More Americans test positive for coronavirus

A bus carrying American citizens from the quarantined Diamond Princess cruise ship arrives at the U.S. government-chartered aircraft that is taking them back to the United States while authorities wear protective suits look on at Haneda airport in Tokyo on Monday. Photo: Tomohiro Ohsumi/Getty Images

Another 14 passengers tested positive for the novel coronavirus during their evacuation from the Diamond Princess cruise ship before being flown in a "specialist containment" area of the plane to the United States, per a Trump administration statement early Monday.

Details: Over 40 Americans who had been on the ship had previously been confirmed as infected and will remain in Japanese hospitals for treatment, NIAID director Anthony Fauci told "Face the Nation" Sunday. The rest were evacuated, and these latest cases were among them. All evacuees will undergo a 14-day quarantine upon arrival later Monday.

Go deeperArrowUpdated 36 mins ago - Health

GM to exit Australia, New Zealand and Thailand

GM's Holden brand is popular among racing fans down under, and it's been a regular fixture at events like the Bathurst 1000 V8 Supercar Race in Australia. Photo: Speed Media/Icon Sportswire via Getty Images

General Motors is retiring its Holden brand from sales in Australia and New Zealand and winding down operations in the two countries and Thailand by 2021, the company confirmed in a statement Monday.

Why it matters: The Holden brand has been in Australia and New Zealand for 160 years, per a GM statement issued in Australia. It is beloved by many motor racing fans down under. Holden produced Australia's first wholly locally made car in 1948.

Go deeperArrowUpdated 2 hours ago - Economy & Business

In photos: Deadly Storm Dennis lashes U.K., Ireland and western France

A family is rescued from a property in Nantgarw, Wales, on Sunday. The storm comes a week after the U.K. was battered by storm Ciara, which killed two people, per the BBC. Photo: Matthew Horwood/Getty Images

Storm Dennis continued to pummel parts of England, Wales and Ireland over Sunday night with heavy rain after battering Northern Ireland and Scotland, per the official British weather agency the Met Office.

Why it matters: It's the second-strongest nontropical storm ever recorded in the North Atlantic Ocean, with its hurricane-force winds and heavy rains that caused widespread flooding across the U.K., the Washington Post notes. Police in Wales confirmed Sunday they found the body of a man who fell into a river as the storm lashed Ystradgynlais.

See photosArrow3 hours ago - World