Belkin’s Wemo Insight Smart Plug is found to have a security flaw which may result in unauthorized takeover of smart TVs and other devices, according to McAfee’s Advanced Threat Research team.
The security flaw is in the device’s libUPnPHndlr.so library, known as flaw CVE-2018-6692. While smart plugs don’t have many features besides turning devices on and off, hackers may use the plug as an entry point to enter the home network and launch other attacks.
Researchers at the McAfee team found two attack techniques used to exploit this vulnerability: a write-what-where and overwriting the return address on the stack.
In the test, they successfully took control of a TCL smart TV connecting to the home network. Further threatening actions might take place, like installing/uninstalling applications and accessing arbitrary online content.
“Because attacks can be conducted through the Wemo and the port mappings generated using this exploit are not visible from the router’s administration page, the attacker’s footprint remains small and hard to detect,” said Douglas McKee, a researcher at McAfee.
Attackers may further implant malware on connected devices in the network using this vulnerability. The attack’s success will depend on the rest of the network’s security. After initial success, attackers may launch more attacks remotely on business servers, personal laptops and network devices.
Belkin’s Wemo smart plug isn’t the first smart home device found to have security issue. Last week 32,000 smart home hubs using the MQTT protocol allowed hackers to track homeowners’ movements and to see whether the smart door was unlocked. Back in July, Samsung’s SmartThings Hub controller was found to have 20 flaws.
Back in 2014 Wemo devices were found to have security flaws which could enable attackers to take over remote control of connected devices, deliver malicious firmware updates and gain access to the internal LAN.
“These devices run operating systems and require just as much protection as desktop computers,” said McKee.
McAfee team reported the issue to Belkin in May, saying that the patch will come with a new firmware update in the coming month.