Photo: John McDonnell/The Washington Post via Getty Images

A vulnerability in a Belkin-made smart electric plug (which can connect appliances to WiFi) could allow hackers to access an entire local network, according to McAfee’s Advanced Threat Research team.

The big picture: The Internet of Things can make some tasks more convenient — like turning on and off the lights without getting out of bed, or controlling kitchen appliances remotely. But the convenience can come at a price.

The details:

  • The product is Belkin's Wemo Insight Smart Plug.
  • The vulnerability allows attackers to execute remote code.
  • McAfee alerted Belkin of the vulnerability in May in compliance with its responsible disclosure policy.

Impact: If the plug is hacked and networked with other devices, hackers can break the network router's security and "create a backdoor channel for an attacker to connect remotely, unnoticed on the network," Doug McKee, a senior security researcher at McAfee, explained.

  • Example: If hackers targeted a Smart TV on the network, for instance, they could turn that TV on and off, and also install or uninstall applications or access online content, per McKee.

Update: A Wemo spokesperson told Axios the company has been working with McAfee to "address the exploit and plan to release firmware in the coming month."

Go deeper

Boeing's one-two punch

Illustration: Aïda Amer/Axios

The grounding of Boeing’s 737 MAX was the worst crisis in the plane-maker’s century-long history. At least until the global pandemic hit.

Why it matters: Wall Street expects it will be cleared to fly again before year-end. Orders for what was once the company’s biggest moneymaker were expected to rebound after the ungrounding, but now the unprecedented slump in travel will dash airlines’ appetite for the MAX and any other new planes, analysts say — putting more pressure on the hard-hit company.

New downloads of TikTok, WeChat to be blocked in U.S. on Sunday

Illustration: Sarah Grillo/Axios

The Commerce Department issued Friday an order blocking new downloads of WeChat and TikTok in the U.S. as of Sept. 20.

The state of play: President Trump has been in a standoff with TikTok, threatening to ban the app if it's Chinese owner, ByteDance, does not relinquish control to a U.S. company. A deal is in the works with the American tech company Oracle, but would need to go through before Sunday to prevent TikTok from being ousted from app stores.

Updated 3 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Eniola Odetunde/Axios

  1. Global: Total confirmed cases as of 6:30 a.m. ET: 30,199,007 — Total deaths: 946,490— Total recoveries: 20,544, 967Map
  2. U.S.: Total confirmed cases as of 6:30 a.m. ET: 6,675,593 — Total deaths: 197,644 — Total recoveries: 2,540,334 — Total tests: 90,710,730Map
  3. Politics: Former Pence aide says she plans to vote for Joe Biden, accusing Trump of costing lives in his coronavirus response.
  4. Health: Pew: 49% of Americans wouldn't get COVID-19 vaccine if available today Pandemic may cause cancer uptick The risks of moving too fast on a vaccine — COVID-19 racial disparities extend to health coverage losses.
  5. Business: Retail sales return to pre-coronavirus trend.