On Tuesday, IOActive released a security advisory reporting that Belkin WeMo home automation devices are vulnerable to remote attack. This was quite unnerving to me because I currently own the Belkin WeMo baby monitor, and I LOVE it, but the idea of someone hacking my baby monitor is just plain scary. The report states that IOActive's researchers tested the WeMo “Light Switch” firmware and uncovered a series of security issues with the device.
These security issues may allow:
– Remote control of attached devices over the internet – someone could remotely turn your lights on or off
– Malicious firmware updates – an attacker could push their own firmware to your devices, putting your network and others at risk
– Remote monitoring – someone could be listening in on a device such as my baby monitor, and on conversations in our home, since our monitor is always on
– Home network access – a compromised device can be used as a foothold to reach anything else connected to your network, such as your laptop or cell phone
According to the report, WeMo firmware images must be “signed with public key encryption to protect the device from unauthorized modifications.” The problem is that the signing key and password used to produce those signatures are stored in the firmware that currently ships on the devices. A public key is meant to be public; the flaw is that the key that creates signatures, which should never leave Belkin, is sitting on every device. Anyone who extracts the firmware can recover that key, sign a modified image with it, and the device will accept the image as a genuine Belkin update. Malicious firmware can then be installed remotely without your knowledge.
Mike Davis, IOActive’s principal research scientist, said “As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customers’ exposure and reduces risk. Another concern is that the WeMo devices use motion sensors, which can be used by an attacker to remotely monitor occupancy within the home.”
IOActive advised anyone currently using a WeMo device on their network to unplug it immediately and discontinue its use until Belkin patches the vulnerabilities.
Looks like I will be switching back to my old school baby monitor for now…
Do you currently use any Belkin WeMo devices in your home? How does this vulnerability make you feel?
Do you understand how public key encryption works?
It’s assumed that anyone can know your public key – it’s public. The firmware updates (or any data) need to be signed by the private key, which must be protected and kept private, and can then be validated by the public key. It’s not feasible to calculate the private key given the public key, which is why this method remains secure, and only the private key can be used to sign data blocks like the firmware update.
So, unless Belkin has let its *private* key leak out, or if they have not properly implemented their signing check, your assertions about the public key being accessible are not in fact a flaw; that’s just how it works. Knowing the public key should not pose any risk of unauthorized firmware updates being allowed, any more than knowing the public key of any SSL-protected web site would let you impersonate its host server.
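The signing model the comment above describes, and the key-storage mistake the article attributes to the WeMo firmware, as an added example. This is not code from the page, from IOActive or from Belkin: it uses a toy, unpadded textbook RSA built on two Mersenne primes so that it runs with only the Python standard library (a real product would use a proper signature scheme such as RSA-PSS or Ed25519), and the firmware blob layout with a `SIGNING_KEY=` field is invented purely to illustrate a private key shipped inside an image.

```python
import hashlib
import re

# Toy textbook RSA (no padding) on two Mersenne primes, 2^127-1 and 2^521-1,
# so the example is self-contained. Illustration only, not a production scheme.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

VENDOR_PUBLIC_KEY = (N, E)   # safe to embed in every device
VENDOR_PRIVATE_KEY = (N, D)  # must only ever exist at the vendor


def _digest(image: bytes) -> int:
    # SHA-256 digest as an integer; 256 bits < log2(N), so it is a valid message.
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_firmware(image: bytes, private_key) -> int:
    """Vendor side: signature = H(image)^d mod n."""
    n, d = private_key
    return pow(_digest(image), d, n)


def verify_firmware(image: bytes, signature: int, public_key) -> bool:
    """Device side: accept the update only if signature^e mod n == H(image)."""
    n, e = public_key
    return pow(signature, e, n) == _digest(image)


# Correct design: the device stores only the public key and the verifier.
def device_accepts_update(image: bytes, signature: int) -> bool:
    return verify_firmware(image, signature, VENDOR_PUBLIC_KEY)


# An attacker who knows only the public key can try to guess a signature,
# but without d there is no feasible way to produce H(image)^d mod n.
def attacker_forge_without_key(image: bytes) -> int:
    return _digest(image)  # a naive guess; will not verify


# Broken design: the shipped firmware image embeds the private signing key.
# Constructed blob; the "SIGNING_KEY=" field is hypothetical.
LEAKY_FIRMWARE_DUMP = (
    b"WEMO-FW-1.0\x00" + b"SIGNING_KEY=" + str(D).encode() + b"\n" +
    b"UPDATE_PASSWORD=hunter2\n" + b"...rest of image..."
)


def extract_private_key_from_dump(dump: bytes):
    """Attacker side: pull the signing key straight out of the dumped image."""
    m = re.search(rb"SIGNING_KEY=(\d+)", dump)
    if m is None:
        raise ValueError("no embedded signing key found")
    return (N, int(m.group(1)))


def attacker_sign_with_leaked_key(dump: bytes, malicious_image: bytes) -> int:
    return sign_firmware(malicious_image, extract_private_key_from_dump(dump))


if __name__ == "__main__":
    genuine = b"genuine firmware v1.0.1"
    malicious = b"firmware with a backdoor"
    print("genuine update accepted:",
          device_accepts_update(genuine, sign_firmware(genuine, VENDOR_PRIVATE_KEY)))
    print("forgery without key accepted:",
          device_accepts_update(malicious, attacker_forge_without_key(malicious)))
    print("forgery with leaked key accepted:",
          device_accepts_update(malicious,
                                attacker_sign_with_leaked_key(LEAKY_FIRMWARE_DUMP, malicious)))
```

The device never needs anything but the public key to check an update, which is why publishing that key costs nothing; the moment the private key is recoverable from a firmware dump, every owner of the dump can mint updates the device will trust.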
I’m glad I haven’t installed that light switch yet. Once again, procrastination pays off! 😉
My IP is going to wait 7 days, why?
Whilst I concur with your remarks on the necessity for the deliberate availability of public keys, I fear that this article is so vague as to its understanding of PK crypto that there may yet be cause for concern (as you point out in your ‘unless’ rider!).
The problem is that although the quoted text (“signed with public key encryption to protect the device from unauthorized modifications.”) may mislead (obviously one assumes that the signature is done with the secret key – it’s kinda the whole point), the following text states “The issue is that these signing [i.e. private] keys and passwords are stored in the firmware that is currently on the devices” (my bracket).
Which, if true, is unbelievably stupid and unnecessary. The only thing that should be on the device is – as you point out – the public key and enough crypto to verify (using aforementioned public key) the signature on the software that was signed (with the private key) at (presumably) Belkin, millions (OK, hundreds) of miles away and itself secure.
Although it stretches credibility that Belkin would do something so brain-dead, if one is to believe this article is not just anti-Belkin propaganda planted by business rivals, it’s certainly of concern.