The Belkin WeMo is a small, WiFi connected outlet controlled by a mobile device that adds Internet control to a desk lamp, coffee maker, or, if you’re feeling daring, your home server. It’s an interesting device, but of course there are a few security implications of having your electric kettle connected to the Internet. [Daniel] was able to get root on his Belkin WeMo and with full control of his Internet-connected outlet was able to turn it into a deathtrap.
[Daniel] says his exploit could be developed into a virus that will scan for WeMo devices. Once these Internet-connected devices are found, it’s easy to turn these devices on and off really fast; something not too dangerous for a desk lamp, but potentially lethal if it’s plugged into a space heater.
In the video after the break, you can see [Daniel] exploiting the WeMo with a flaw in its UPnP implementation. There’s footage of his terminal hacking and of his desk lamp being turned on and off really fast, something that could be very dangerous for higher current devices.