{"id":91083,"date":"2019-04-22T11:15:43","date_gmt":"2019-04-22T18:15:43","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=91083"},"modified":"2025-08-12T23:51:59","modified_gmt":"2025-08-13T06:51:59","slug":"wemo-vulnerability","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/wemo-vulnerability\/","title":{"rendered":"McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs"},"content":{"rendered":"

*This blog is originally from August 2018 and was updated April 2019*<\/p>\n

From connected baby monitors to smart speakers \u2014 IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family. However, users can be prone to putting basic security hygiene on the backburner when they get a shiny new IoT toy, such as applying security updates, using complex passwords for home networks and devices, and isolating critical devices or networks from IoT. Additionally, IoT devices\u2019 poor security standards make them conveniently flawed for someone else: cybercriminals, as hackers are constantly tracking flaws which they can weaponize. When a new IoT device is put on the market, these criminals have a new opportunity to expose the device\u2019s weaknesses and access user networks. As a matter of fact, our McAfee Labs Advanced Threat Research team uncovered a flaw in one of these IoT devices: the Wemo Insight Smart Plug, which is a Wi-Fi\u2013connected electric outlet.<\/p>\n

Once our research team\u00a0figured out how exactly the device was vulnerable<\/a>, they leveraged the flaw to test out a few types of cyberattacks. The team soon discovered an attacker could leverage this vulnerability to turn off or overload the switch, which could overheat circuits or turn a home\u2019s power off. What\u2019s more \u2013 this smart plug, like many vulnerable IoT devices, creates a gateway for potential hackers to compromise an entire home Wi-Fi network. In fact, using the Wemo as a sort of \u201cmiddleman,\u201d our team leveraged this open hole in the network to power a smart TV on and off, which was just one of the many things that could\u2019ve been possibly done.<\/p>\n

And as of April 2019, the potential of a threat born from this vulnerability seems as possible as ever. Our ATR team<\/a> even has reason to believe that cybercriminals already have or are currently working on incorporating the unpatched Wemo Insight vulnerability into IoT malware. IoT malware is enticing for cybercriminals, as these devices are often lacking in their security features. With companies competing to get their versions of the latest IoT device on the market, important cybersecurity features tend to fall by the wayside. This leaves cybercriminals with plenty of opportunities to expose device flaws right off the bat, creating more sophisticated cyberattacks that evolve with the latest IoT trends.<\/p>\n

Tips to Stay Proactive<\/h2>\n

Now, our researchers have reported this vulnerability to Belkin, and, almost a year after initial disclosure, are awaiting a follow-up. However, regardless if you\u2019re a Wemo user or not, it\u2019s still important you take proactive security steps to safeguard all your IoT devices. Start by following these tips:<\/p>\n