Snippet: Researchers Find Security Flaw in Wemo Smart Plug, Belkin Says It Won’t Release a Patch ☇

Michael Potuck for 9to5Mac:

IoT security company Sternum has discovered a vulnerability in one of Belkin’s smart home devices. Read on for the details about how the Wemo Mini Smart Plug V2 flaw can be exploited for remote command execution and why Belkin has decided not to patch it.

Sternum found the flaw specifically with the Belkin Wemo Mini Smart Plug V2 which works with HomeKit, Google Assistant, and Amazon Alexa.

After reaching out to Belkin about the security issue, Sternum was told that “the device is at the end of its life and will not be patched.”

This is a frustrating situation in that the Wemo Mini Smart Plug V2s were sold in 2019. Conceivably, someone could’ve bought them new more recently, but sure, saying that a device is at the end of its life because you’ve moved on is a great look and instills confidence in future Wemo products.

I’ve got a few of these around and pulled them in favor of the Philips Hue Smart Plug, which connects to the Hue Bridge via Zigbee. This cuts down on 2.4GHz Wi-Fi devices and everything is funneled through the Bridge’s ethernet port—it’s been more stable and still works with HomeKit.