Video from The Security of Things Forum: Hacking the Belkin WEMO with Invincea

In this presentation from the 2016 Security of Things Forum, Scott Tenaglia of Invincea describes vulnerabilities in the WeMo smart home products.

In-brief: In this video from the Security of Things Forum in September, Scott Tenaglia of Invincea demonstrates vulnerabilities in Belkin’s WeMo family of connected home products. 

The Security Ledger hosted its third annual Security of Things™ Forum back in September. One of our more notable presentations came from Scott Tenaglia of the firm Invincea, who talked about security holes he found in home automation technology sold by the firm Belkin.

Tenaglia’s research built on the work of others, including Nitesh Dhanjani’s work describing the ability to snoop user names and passwords from insecure Belkin baby cameras, and that of IOActive’s Mike Davis, who also researched the Belkin WeMo home automation products and found problems including the flawed use of encryption technologies. Davis discovered that WeMo devices shipped with both private and public encryption keys stored on the devices and failed to validate SSL certificates used to authenticate inbound communications to the device.

In this talk, Scott describes a variety of flaws he found in the WeMo line of products, including vulnerability to a type of attack known as SQL injection. By sending purposely malformed updates to WeMo devices, he found he could create his own malicious executable that was run by the WeMo smart device, allowing him to take control of those devices.

Scott’s is one of a number of presentations given at our 2016 Forum in Cambridge. If you’d like to view our other video sessions, use the form on the Contact page to request a Security of Things Forum video pass.
