Internet

Do you have a smart plug of this brand? Don’t use it, it has a serious bug that they won’t fix

Have smart plugs at home is quite common. It is one of the first options that we take into account when we want to domotize the home. They are cheap, easy to use and very useful. But of course, like any device connected to the Internet, we can have certain risks. In this article we echo old plugs from a brand that have become obsolete, with vulnerabilitiesand they are not going to solve them.

When a device becomes obsolete, it means that it is vulnerable to possible attacks. It can happen with routers, computers, mobiles… It is something relatively common. The problem is that, in many cases, manufacturers decide not to release updates considering that they are old devices, that they are no longer sold and that they are used less.

Wemo Wi-Fi plugs vulnerable

Specifically, these are plugs from the Wemo brand, model Wemo Smart Plug Mini V2. This problem has been detected by a group of security researchers from Sternum. The bug could allow an attacker to take remote control of the plug, by bypassing the Wemo app with a Python app.

But what could the attacker do? Once connected via this vulnerability, you could change the device name to something longer than 30 characters, thus causing a crash. buffer overflow which would allow you to inject commands remotely.

The company has informed that since it is a product at the end of its useful life, it will not receive any updates. The error has been logged as CVE-2023-27217. Therefore, many users who have these types of smart plugs could have security problems if an attacker managed to exploit the flaw.

They are precisely the smart devices, home automation, which we see that have many problems of this type. They are devices that go out of style quickly, since they launch new, more sophisticated versions, and that makes them obsolete. However, there are many who continue to use them at home, without really knowing that they are vulnerable.

Vulnerability in sockets with Wi-Fi

What to do to avoid the problem

So what can you do if you have this type of socket at home? What the researchers who have discovered the problem recommend is avoid exposing UPnP ports from the Wemo Plug to the Internet and segment the network so that these devices are isolated. This can protect other devices that you have connected, such as a mobile or a computer.

The fact that they believe that this vulnerability could be exploited in the future without having to have physical access, it makes it more important to take that precaution that we mentioned. Other similar devices do not require an Internet connection to work, so the risk is lower.

However, if we are talking about the best possible recommendation to avoid problems, it would be avoid having outdated devices at home. If you detect that a version of a device that you have is no longer secure, it is best to replace it with another device. Logically, this supposes an economic investment.

As you can see, a version of Wemo plugs is vulnerable and they are not going to correct the problem. You can take measures to protect yourself, although the most effective of all is not to use this type of device directly. It is always convenient to have secure, updated devices connected to the home router. Protecting IoT devices is essential.

Related Articles