Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
PSA: Older Wemo Smart Plugs Have Vulnerability That Leaves Them Open to Attack
- Thread starter MacRumors
- Start date
- Sort by reaction score
You can change the name of the device after setup. So it’s still vulnerable to this attack post setup.
I got one of these from a thrift shop last summer and recently unplugged it since I didn't need it in that room anymore. Super dumb they released a statement and didn't bother to even try to fix the issue.
Well, if Belkin is basically telling me to live with the flaw or buy a new plug, I'll buy a new plug - from a different company.
It doesn’t give them full access, or really any access, to “the devices on the network”. If that were the case, any visitor using your wifi has full acchess to your computer, which is not the case.
Sure, devices with no security, maybe.
Yeah, they might switch your lamp on and off to annoy you
These devices are being used in botnets to be proxies for crime, bandwidth for DDoS attacks, and all sorts of nastiness like that. They’re not after your lights, they just want your internet connection.
Planned obsolescence is definitely a problem for the smart home, dumb equivalents should last decades meanwhile the ‘smart’ version gets abandoned after a few years
What shocks me the most about this is that there aren't more people expressing terrible experiences with all things Wemo. Sounds like other have actually been able to get them to work reliably? I have found them to be the worst "no response" offender of all HomeKit enabled smart plugs I have used. So we moved off of them a few years back -- and it sounds like I'm the unintended beneficiary as I do not now have to work about these security concerns (however legit or not they are). To me, Belkin enjoys the market share it does because they do whatever must have been necessary to get prime positioning in Apple Stores and people therefore assume they must be good and reliable. Not my experience with v2, minis or the other variations I've been dumb enough to throw my money at.
That being said, I'm a sample size of one, so I am sorry for the rest of you who have had positive experiences functionally that you now have to deal with a non-customer friendly policy and overt planned obsolescence.
That being said, I'm a sample size of one, so I am sorry for the rest of you who have had positive experiences functionally that you now have to deal with a non-customer friendly policy and overt planned obsolescence.
So people can have their new Belkin smart plug become obsolete in 4 years because that's how long Belkin thinks things should be supported for? Fool me once, shame on you. Fool me twice... nope, not going to happen.
I'm surprised people are surprised Belkin pulled this. Planned obsolescence for these sort of things is pretty common. Planned obsolescence is why I don't have many smart home/internet of things stuff in my house.
So Belkin basically said "We will make more money if we ignore this problem than if we fix it."
Belkin has always been a low-tier, low quality reseller of low quality small parts like cable and adaptor. It is best to simply stay away from them.
Belkin has always been a low-tier, low quality reseller of low quality small parts like cable and adaptor. It is best to simply stay away from them.
Several years ago before the pandemic, I bumped into a colleague at Home Depot. He was running around with a cart collecting various smart devices to use in his home: lights, switches, whatnots. He was very excited about it. A few weeks or a month later, I bumped into him again at Home Depot and asked him how his smart home was doing and he said he returned all the smart devices because it was too much headache getting them to work in a way he wants.
That's how I feel about these IoT's. In theory, they sound great. In practice, it's like you need to be a technical administrator of your house just to run things electronic. Sorry, I am really not interested in playing IT at home. I'm not an IT at work but I'm geeky enough such that colleagues turn to me to ask for IT help when we actually have a whole IT department we can turn to. Nope thank you
Belkin’s position is irresponsible and would lead me to not consider their products in the future.
This does make me wonder if someone on Github will come up with updated firmware for this device.
Several years ago before the pandemic, I bumped into a colleague at Home Depot. He was running around with a cart collecting various smart devices to use in his home: lights, switches, whatnots. He was very excited about it. A few weeks or a month later, I bumped into him again at Home Depot and asked him how his smart home was doing and he said he returned all the smart devices because it was too much headache getting them to work in a way he wants.
That's how I feel about these IoT's. In theory, they sound great. In practice, it's like you need to be a technical administrator of your house just to run things electronic. Sorry, I am really not interested in playing IT at home. I'm not an IT at work but I'm geeky enough such that colleagues turn to me to ask for IT help when we actually have a whole IT department we can turn to. Nope thank you
Since then the Matter common standard has launched to make mix and match less of a chore.
That said, vendors that don’t provide 10 years of software support should be shunned.
Absolutely!
We have three mechanical timer light switches that turn on and off lights at designated times during the week. They are literally mechanical devices that you install on top of your mechanical switches. These mechanical devices have a small timer device than physically turn on and off the light switch. It's not internet connected.
Every now and then I think of replacing them with a smart version only because one of the mechanical devices seem to start failing a bit. Unfortunately, these devices as ingenious as they are, are not popular and the version we have is no longer made.
We have this: https://www.amazon.com/SWE-82000-AutoChron-Switch-Timer/dp/B003VW2LA6
And we also have this: https://www.homedepot.com/p/Woods-I...al-Light-Switch-Timer-White-59744WD/203638998
The first one by AutoChron is a much better device than the Woods. AutoChron has many more ways to program the On and Off and has better manual override than the Woods. Don't know what I'll do when the AutoChron ones we have die. These "dumb" devices are so suitable for what we need -- just turning on and off the light to either simulate that we're at home, or to light the outdoors during the night.
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
Bad move by Belkin. Do a recall or offer a discount on the new model.
To ignore it is horrible customer service. Lost me as a customer.
To ignore it is horrible customer service. Lost me as a customer.
I went through this with Lowes, they discontinued their smart switches but they did provide renumeration for each device.
That’s all I needed to hear to stop buying smart accessories from these bums. Can’t patch your product’s vulnerabilities even though most bought it within 4 years?! Why should I spend another dollar for any connected device they make? Gtfo.
It sounds fairly trivial to exploit, so there's a good chance someone will. A well-packaged, WiFi-enabled device like this could be useful for a number of purposes. The ability to run generic code on it might be really attractive.
As an owner of said device, Belkin's response is terrible. No more Belkin products for me. "We created a severely flawed product, but it's a couple years old so screw you all. Too bad so sad."
Ugh I have several of these throughout the house. Four years is nothing! Its not like there is some innovation in the Homekit enabled smart outlet world I'm missing out on. This thing could last 20 years. No more Belkin products for sure.
I also have some Wion smart outdoor outlets purchased in 2017 I use for xmas decorations that are now abandonware. I need to keep an old Android Nexus 7 (2013 model) tablet running Android 6.0.1 around because its the only device whose app can still communicate with these outlets!
I also have some Wion smart outdoor outlets purchased in 2017 I use for xmas decorations that are now abandonware. I need to keep an old Android Nexus 7 (2013 model) tablet running Android 6.0.1 around because its the only device whose app can still communicate with these outlets!
The smarter and more capable hacker-bot will never give you any evidence that your Belkin device is infected.Yeah, they might switch your lamp on and off to annoy you
Instead, your Belkin device will silently attempt to infiltrate your other devices and communications. In addition, it will carry out other attacks on others' devices over your Internet connection.
Maybe it everyone calls to complain about this behavior? I don't see an email address:
