• progress_activity cloud_sync

    Reconnection to the server…

    Movim cannot talk with the server, please try again later


    • Public subscriptions

    • chevron_right

      coopr8

    • chevron_right

      gabagoo

    • chevron_right

      kenu_demon

    • chevron_right

      coopr8

    • chevron_right

      gabagoo

    • chevron_right

      kenu_demon

    • chevron_right

      coopr8

    • chevron_right

      gabagoo

    • chevron_right

      kenu_demon

  • Register Login

    Movim

    movim.chatterboxtown.us


  • group_work rss_feed
    add Follow

    ArsTechnica

    • Ar chevron_right

      Wemo won’t fix Smart Plug vulnerability allowing remote operation

      news.movim.eu / ArsTechnica • 16 May 2023 • 1 minute

    Wemo Smart Plug V2

    Enlarge / This guy? This guy can be tricked into offering remote control if you give it a long name. But he's too old for his maker to care much about that.

    I once co-owned a coworking space. The space had doors with magnetic locks, unlocked by a powered relay. My partners and I realized that, if we could switch power to the system on and off, we could remotely control the door lock. One of us had a first-generation Wemo plug, so we hooked that up, and then the programmer among us set up a script that, passing Python commands over the local network, switched the door lock open and closed.

    Sometimes it would occur to me that it was kind of weird that, without authentication, you could just shout Python commands at a Wemo and it would toggle. I'm having the same feeling today about a device that's one generation newer and yet also possesses fatal flaws.

    IoT security research firm Sternum has discovered ( and disclosed ) a buffer overflow vulnerability in the Wemo Mini Smart Plug V2 . The firm's blog post is full of interesting details about how this device works (and doesn't), but a key takeaway is that you can predictably trigger a buffer overflow by passing the device a name longer than its 30-character limit—a limit enforced solely by Wemo's own apps—with third-party tools. Inside that overflow you could inject operable code. If your Wemo is connected to the wider Internet, it could be compromised remotely.

    Read 7 remaining paragraphs | Comments

    • tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2

    • Ar chevron_right

      Wemo won’t fix Smart Plug vulnerability allowing remote operation

      news.movim.eu / ArsTechnica • 16 May 2023 • 1 minute

    Wemo Smart Plug V2

    Enlarge / This guy? This guy can be tricked into offering remote control if you give it a long name. But he's too old for his maker to care much about that.

    I once co-owned a coworking space. The space had doors with magnetic locks, unlocked by a powered relay. My partners and I realized that, if we could switch power to the system on and off, we could remotely control the door lock. One of us had a first-generation Wemo plug, so we hooked that up, and then the programmer among us set up a script that, passing Python commands over the local network, switched the door lock open and closed.

    Sometimes it would occur to me that it was kind of weird that, without authentication, you could just shout Python commands at a Wemo and it would toggle. I'm having the same feeling today about a device that's one generation newer and yet also possesses fatal flaws.

    IoT security research firm Sternum has discovered ( and disclosed ) a buffer overflow vulnerability in the Wemo Mini Smart Plug V2 . The firm's blog post is full of interesting details about how this device works (and doesn't), but a key takeaway is that you can predictably trigger a buffer overflow by passing the device a name longer than its 30-character limit—a limit enforced solely by Wemo's own apps—with third-party tools. Inside that overflow you could inject operable code. If your Wemo is connected to the wider Internet, it could be compromised remotely.

    Read 7 remaining paragraphs | Comments

    • tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2

    • Ar chevron_right

      Wemo won’t fix Smart Plug vulnerability allowing remote operation

      news.movim.eu / ArsTechnica • 16 May 2023 • 1 minute

    Wemo Smart Plug V2

    Enlarge / This guy? This guy can be tricked into offering remote control if you give it a long name. But he's too old for his maker to care much about that.

    I once co-owned a coworking space. The space had doors with magnetic locks, unlocked by a powered relay. My partners and I realized that, if we could switch power to the system on and off, we could remotely control the door lock. One of us had a first-generation Wemo plug, so we hooked that up, and then the programmer among us set up a script that, passing Python commands over the local network, switched the door lock open and closed.

    Sometimes it would occur to me that it was kind of weird that, without authentication, you could just shout Python commands at a Wemo and it would toggle. I'm having the same feeling today about a device that's one generation newer and yet also possesses fatal flaws.

    IoT security research firm Sternum has discovered ( and disclosed ) a buffer overflow vulnerability in the Wemo Mini Smart Plug V2 . The firm's blog post is full of interesting details about how this device works (and doesn't), but a key takeaway is that you can predictably trigger a buffer overflow by passing the device a name longer than its 30-character limit—a limit enforced solely by Wemo's own apps—with third-party tools. Inside that overflow you could inject operable code. If your Wemo is connected to the wider Internet, it could be compromised remotely.

    Read 7 remaining paragraphs | Comments

    • tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagtech tagtech tagtech tagbelkin tagbelkin tagbelkin taginternet of things taginternet of things taginternet of things tagiot tagiot tagiot tagsecurity tagsecurity tagsecurity tagsmart home tagsmart home tagsmart home tagwemo tagwemo tagwemo tagwemo mini smart plug v2 tagwemo mini smart plug v2 tagwemo mini smart plug v2

  • cloud_queue

    Powered by Movim