Skip to main content
  1. Home
  2. Smart Home
  3. Smart Home News

Thousands of Belkin WeMo devices may be vulnerable to hackers: UPDATED

By

UPDATE: Belkin has now released a fix for the security issues mentioned below. To remedy the issue, Belkin urges WeMo users to download the latest app from the App Store (version 1.4.1) or Google Play Store (version 1.1.2) and then upgrade the firmware version through the app. Find more information here

According to a recently-released study from security research firm IOActive, nearly half a million Belkin WeMo devices may be vulnerable to attackers.

Recommended Videos

In a number of different experiments, the WeMo line – which includes things like remotely-controlled switches, plugs, and motion sensors for home automation – was shown to have a variety of different security flaws that give hackers the ability to:

  • Remotely control WeMo devices over the Internet
  • Perform malicious firmware updates
  • Remotely monitor devices
  • Access an internal home network

Obviously, this is bad news for Belkin, but it’s even worse news for anyone who currently has a WeMo device in their house. If these vulnerabilities are legitimate, it means that once attackers have compromised a device, they’re free to remotely turn WeMo-connected appliances on or off at will. Depending on the gear users have connected to their WeMos, this could lead to something as harmless as some wasted electricity, or as dangerous as a house fire. On top of that, WeMo motion sensors could be used to remotely monitor a house. This could make a home an easy target for tech-savvy burglars who can use a compromised WeMo to determine when people are in that house, and when they aren’t.

Related: 
The 8 best TVs for gaming in 2025, as vetted by our experts

Additionally, once an attacker has established a connection to a WeMo device within a victim’s network, the compromised device can be used as a foothold to attack other devices on your home network – including things like laptops, mobile phones, network-attached storage, or home automation devices. 

Mike Davis, IOActive’s principal research scientist, had this to say about the findings: 

“As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk.”

We couldn’t agree more.

IOActive has reached out to Belkin for comments on the issue, but has yet to receive a response. For the time being, we recommend that you unplug any WeMo devices you may own and check back for updates.

We’ll keep you posted should any security patches be released.

[via Help Net Security]

Drew Prindle
Drew Prindle
Senior Editor, Features
Drew Prindle is an award-winning writer, editor, and storyteller who currently serves as Senior Features Editor for Digital…
Topics
Ultraloq showcases the first-ever ultra-wideband smart lock at CES 2025
Bolt Mission UWB + NFC installed on a white door.

Ultraloq showed off two smart locks at CES 2025 -- one of which is the first smart lock to ever offer ultra-wideband (UWB) support. The Ultraloq Bolt Mission UWB + NFC uses UWB technology to unlock automatically as you approach your front door. Similar functionality already exists on other smart locks, but UWB should allow the Ultraloq Bolt Mission to be more accurate than the competition.

The Bolt Mission uses technology similar to digital car keys, and Ultraloq says it can track the keyholder’s phone location with “centimeter-level” accuracy. As your phone gets closer to the front door, the Bolt Mission can be programmed to automatically unlock, giving you a hands-free way to get inside. Better yet, because the smart lock can detect both your distance and direction from the front door, it should prevent you from accidentally unlocking the smart lock while inside your home.

Read more
Ulticam shows off three AI-powered security cameras at CES 2025
The Ulticam IQ installed outside a home.

Ulticam, the new security camera brand of Xthings, revealed a lineup of three AI-powered cameras at CES 2025. The Ulticam IQ, Ulticam IQ Floodlight, and Ulticam Dot offer not just cool AI capabilities, but also free seven-day cloud storage -- which could make them a solid choice for value-minded shoppers leery about signing up for monthly storage plans.

The Ulticam IQ and IQ Floodlight are the main attractions, as they're packed with features that should pose solid competition for the best smart security cameras from Arlo, Nest, and Ring. The duo uses edge AI to quickly identify people, vehicles, and packages without needing to upload the video for server-side processing. This onboard processing should result in faster performance -- it’s also great for privacy and security, as your footage doesn’t have to leave your device.

Read more
Home Depot expands Hubspace smart home lineup at CES 2025
The Home Depot Hubspace logo on a white background.

Hubspace, Home Depot’s smart home platform, has seen impressive growth over the past few years, and that growth continued at CES 2025. Three new gadgets were revealed at the event, including a wireless power switch to control Hubspace products, a portable air conditioner, and a window-mounted air conditioner. All three are unique additions to the catalog -- and since there’s not much like them on the market, they should quickly become popular options in their respective niches.

The Hubspace Remote Switch is arguably the most useful of the three gadgets. Designed to look like a light switch, but with a removable remote controller, it works with select Hubspace light bulbs, fixtures, plugs, power sockets, surge protectors, and more. You’ll get standard on and off functions, plus access to brightness controls. Its sleek looks and versatility should make it a great choice for shoppers seeking an entry-level smart switch.

Read more