Do you have a smart plug of this brand? Don’t use it, it has a serious bug that they won’t fix

Having smart plugs at home is quite common. They are one of the first options we consider when we want to automate the home. They are cheap, easy to use and very useful. But, like any device connected to the Internet, they carry certain risks. In this article we report on older plugs from one brand that have become obsolete, have a vulnerability, and are not going to be fixed.

When a device becomes obsolete, it is left vulnerable to possible attacks. This can happen with routers, computers, mobile phones… and it is relatively common. The problem is that, in many cases, manufacturers decide not to release updates on the grounds that the devices are old, are no longer sold and are used less.

Wemo Wi-Fi plugs vulnerable

Specifically, these are plugs from the Wemo brand, model Wemo Smart Plug Mini V2. The problem was detected by a group of security researchers from Sternum. The bug could allow an attacker to take remote control of the plug by bypassing the Wemo app with a Python app.

But what could the attacker do? Once connected through this vulnerability, they could change the device name to something longer than 30 characters, causing a buffer overflow that would allow them to remotely inject commands.
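A name limit only protects the device if the device itself enforces it, because a request does not have to come from the official app. The following C code is an added example of device-side validation, not Wemo firmware or the researchers' code; the struct, the function names and the character policy are hypothetical, and only the 30-character limit comes from the article.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: 30 is the name limit the article mentions. The real firmware
   layout is not described on this page, so this struct is hypothetical. */
#define NAME_MAX_CHARS 30

struct plug_state {
    char friendly_name[NAME_MAX_CHARS + 1];  /* +1 for the terminating NUL */
    int  relay_on;                           /* neighbouring field an overflow would clobber */
};

enum name_result { NAME_OK = 0, NAME_EMPTY = -1, NAME_TOO_LONG = -2, NAME_BAD_CHAR = -3 };

/* Device-side setter: `req` is the raw name field from a network request and
   `req_len` its length in bytes. It is untrusted and need not be
   NUL-terminated. On any error the stored name is left unchanged. */
enum name_result set_friendly_name(struct plug_state *st, const char *req, size_t req_len)
{
    if (req == NULL || req_len == 0)
        return NAME_EMPTY;
    /* Enforce the limit here, not only in the companion app. Reject instead
       of truncating so an over-long request shows up as an error. */
    if (req_len > NAME_MAX_CHARS)
        return NAME_TOO_LONG;
    for (size_t i = 0; i < req_len; i++) {
        unsigned char c = (unsigned char)req[i];
        if (c < 0x20 || c == 0x7f)           /* no NUL or control bytes in a name */
            return NAME_BAD_CHAR;
    }
    memcpy(st->friendly_name, req, req_len); /* req_len <= 30, buffer holds 31 */
    st->friendly_name[req_len] = '\0';
    return NAME_OK;
}

/* Constructed self-check covering the boundary cases. Returns 0 on success. */
int self_check(void)
{
    struct plug_state st = { "Lamp", 1 };
    char long_name[64];
    memset(long_name, 'A', sizeof long_name);  /* constructed 64-byte input */

    if (set_friendly_name(&st, long_name, sizeof long_name) != NAME_TOO_LONG) return 1;
    if (strcmp(st.friendly_name, "Lamp") != 0 || st.relay_on != 1) return 2;
    if (set_friendly_name(&st, long_name, NAME_MAX_CHARS) != NAME_OK) return 3;
    if (strlen(st.friendly_name) != NAME_MAX_CHARS || st.relay_on != 1) return 4;
    if (set_friendly_name(&st, "a\nb", 3) != NAME_BAD_CHAR) return 5;
    return 0;
}
```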

The company has said that, since the product is at the end of its useful life, it will not receive any updates. The bug has been logged as CVE-2023-27217. As a result, many users who have this type of smart plug could have security problems if an attacker managed to exploit the flaw.

Smart home automation devices are precisely where we see many problems of this type. They go out of date quickly, because manufacturers launch new, more sophisticated versions, and that makes the older ones obsolete. However, many people continue to use them at home without really knowing that they are vulnerable.

What to do to avoid the problem

So what can you do if you have this type of plug at home? The researchers who discovered the problem recommend not exposing the Wemo plug's UPnP ports to the Internet and segmenting the network so that these devices are isolated. This can protect other devices that you have connected, such as a phone or a computer.

The researchers believe that this vulnerability could be exploited in the future without physical access, which makes the precaution mentioned above even more important. Other similar devices do not require an Internet connection to work, so the risk is lower.

However, the best possible recommendation for avoiding problems is not to keep obsolete devices at home. If you find that a version of a device you own is no longer secure, it is best to replace it with another device. Naturally, this means spending money.

As you can see, one version of the Wemo plugs is vulnerable and the problem is not going to be corrected. You can take measures to protect yourself, although the most effective one is simply not to use this type of device. It is always advisable to have secure, updated devices connected to the home router. Protecting IoT devices is essential.
