Popular UK ‘Smart Home’ system could allow hackers to set homes on fire from any PC

Rob Waugh
The vulnerability could allow buglars to check if families are home

‘Smart home’ systems are supposed to make our lives easier - but a U.S. scientist has uncovered a series of weaknesses in one of the most popular in the UK - Belkin’s WeMo system, sold in high street outlets such as Maplin.

The budget system consists of Wi-Fi connected switches which people can control via smartphone, to adjust lighting, heating and systems such as motion sensors - but security is so weak that attackers can black out lights or turn on electric fires and ovens to potentially cause fires.

Last Christmas, sales of ‘smart home’ gadgets rose by 50%, according to High Street electronics chain Maplin - as apps replaced expensive control panels, prices fell rapidly.

Security firm IOActive describes it as the most serious threat ever against such ‘smart’ home devices - allowing attackers to use motion-sensor security systems AGAINST families - so burglars could time attacks for when families were on holiday.

There is also no ‘cure’ currently available - the security firm which uncovered it instead advises users to unplug the equipment immediately. Belkin’s system allows users to issue commands to lights, ovens, heaters and motion sensors via a smartphone app - but it’s far too easy for hackers to ‘take control’, says security firm IOActive.

Mike Davis, of security firm IOActive, which specialises in securing industrial control systems and medical devices, said in an interview with Yahoo News, “The advice we have currently been providing is to disconnect the devices from the network. No one likes that answer, but that’s the best we can do.”


[How to keep children safe online on ANY gadget]

Davis is the lead scientist on the security probe, and claims that Belkin have failed to be clear on whether some of their serious concerns were addressed. He claims that he first reported the vulnerability to Belkin in October. 

“Belkin for its part is claiming the issues were fixed long ago,” Davis says, but the company has “never discussed how they did so, or spoke to us regarding other serious issues.  At this point the best advice I can give is to remove them until it is clear that all outstanding issues were addressed correctly. But as of yet Belkin has not communicated those mitigations to us in any way.”

Smart devices have increasingly become vulnerable to attacks, as more and more objects become connected to the internet - a similarly chilling assault on Philips’ Hue lighting system required the attacker to be on the same Wi-Fi network as his victim - i.e. close to the scene of the crime. Researchers demonstrated that it was possible to ‘black out’ a Hue system, leaving it impossible to turn back on.

This new vulnerability is far worse, Davis claims - because attackers can control WeMo systems from anywhere via the net. The WeMo system also works with security systems and fires, so it could cause real, physical danger to those under attack.

Last year, the scope of such web-connected systems to cause real damage was thrown into sharp relief when a hacker managed to break into a baby monitor system, and spy on and insult a toddler in their bed.

"I think they should probably fire the guy who architected the security of the system as wholly incompetent. It needs to be reprogrammed with better code," Davis said. "When that will happen is entirely up to how dedicated Belkin is to solving the issue. We would have helped Belkin architect this solution but we were never asked for our feedback.

“This is the worst home automation vulnerability I’ve seen,” he continues. “I dont think the issues themselves are all that uncommon for embedded devices, but the way these issues were stacked on top of each other and combined with cloud connectivity really made stupid design decisions potentially disastrous.”

Such hacks have been shown off before - but have hit headlines with increasing frequency over the past year, as hackers have shown off ways to attack internet-connected fridges, cars and even toilets.

IOActive claims 500,000 users could be at risk - and warns that the diverse range of electronics connected to WeMo sockets mean that the vulnerabilities could even be used to start fires

IOActive’s Mike Davis claims that Belkin had known about the vulnerabilities for months, but failed to act. In an interview with EWeek, Davis said, “We can confirm Belkin got the vulnerability information, as a member of the Belkin team contacted me via LinkedIn; we discussed the vulnerabilities, but they didn't follow up on it."

The Belkin WeMo was hailed as revolutionary because it brought ‘smart house’ functions within reach of ordinary people. It works using a set of wi-fi connected power sockets that can plug into anything in the home from heaters to lights to televisions. Anything plugged into a Belkin WeMo socket can be turned on and off remotely from a smartphone screen, or set up to work to a schedule.

Philips Hue lighting system was also shown to be vulnerable to attacks which can cause a “perpetual blackout” in the homes of users, according to a security researcher.

The Hue wireless system - on sale in Apple store - controls wireless LED light bulbs in the home via a wireless bridge, and can be controlled by iOS and Android apps. But researcher Nitesh Dhanjani says that the system it uses to authenticate devices means that it’s all too easy to turn lights on and off in other people’s homes.

Attackers could “black out” all the Hue lights from nearby (any nearby location within reach of the same Wi-Fi network) by using malware to capture one of the list of “whitelisted tokens” - and then “issue ‘all lights off’ ins

“By 2022, the average household with two teenage children will own roughly 50 such Internet connected devices, according to estimates by the Organization for Economic Co-Operation and Development,” Dhanjani says. “Our society is starting to increasingly depend upon IoT devices to promote automation and increase our well being. As such, it is important that we begin a dialogue on how we can securely enable the upcoming technology.”