Jump to content

Wemo: Difference between revisions

From Consumer Rights Wiki
← Older editNewer edit →
VisualWikitext
Added info to the vulnerabilities section
mNo edit summary
Line 29: Line 29:
On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref>
On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref>


On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the devices could be exploited through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>
On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>


==Products==
==Products==

Revision as of 20:32, 20 February 2025

⚠️This article has been marked as incomplete. Sourcing or verifiability needs additional work.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.
More info ▼

Articles must provide verifiable, credible evidence for their claims and avoid relying on forum posts, personal blogs, or other unverifiable sources. You can help by replacing weak citations with reputable reporting, corporate communications, receipts, repair logs, or independent investigative coverage that demonstrates the systemic relevance required by the Mission statement and Moderator Guidelines.

📝 This article is under active development.
  • Development started: 2-19-2025
  • Current stage: Early development
  • Priority: Medium
This article needs additional work to meet our quality standards. Please help improve it by discussing changes or contributing improvements.
Wemo
Basic information
Founded 2012
Legal structure Subsidiary
Industry Smart home
Official website wemo.com (https://www.belkin.com/products/wemo-smart-home/)

Wemo is a subsidiary of Belkin founded in 2012. They are known for smart home devices such as plugs and light switches that use the HomeKit and Thread protocols.

Consumer impact summary

File:WEMO account closure.PNG
Screenshot of account closure screen.

Overview of concerns that arise from the company's conduct regarding (if applicable):

  • User Freedom
  • User Privacy
  • Business Model
  • Market Control

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Through the app, users can delete their account by pressing the "close account" button, which will warn that all account data will be deleted.

Incidents

Security vulnerabilites

On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.[1]

On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.[2] The study mentions the device could be exploited through a program called pyWemo[3] and potentially through cloud controls.[4] In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."[5] During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.[6]

Products

  • Dimmers
    • Wemo Smart Dimmer[7]
    • Wemo WiFi Smart Dimmer[8]
  • Doorbells
    • Wemo Smart Video Doorbell[9]
  • Light switches
    • Wemo Smart Light Switch with Thread[10]
    • Wemo WiFi Smart Light Switch[11]
    • Wemo Smart Light Switch 3-Way[12]
  • Plugs
    • Wemo Smart Plug with Thread[13] (release date): Short summary of the product's incidents.
    • Wemo WiFi Smart Outdoor Plug[14]
  • Scene controller
    • Wemo Scene Controller with Thread[15]


References

  1. https://www.belkin.com/support-article/?articleNum=80322
  2. https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
  3. https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html
  4. https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability
  5. https://x.com/WEMOcares/status/1658963426230562819
  6. https://apps.apple.com/us/app/wemo/id511376996
  7. https://web.archive.org/web/20221130043724/https://www.belkin.com/smart-dimmer/P-WDS070.html
  8. https://web.archive.org/web/20221129001529/https://www.belkin.com/wifi-smart-dimmer/P-WDS060.html
  9. https://www.belkin.com/p/smart-video-doorbell/WDC010.html
  10. https://www.belkin.com/p/smart-light-switch-with-thread/WLS0503.html
  11. https://web.archive.org/web/20221130045654/https://www.belkin.com/wifi-smart-light-switch/WLS040-CA.html
  12. https://web.archive.org/web/20221129145512/https://www.belkin.com/smart-light-switch-3-way/P-WLS0403.html
  13. https://web.archive.org/web/20230910113415/https://www.belkin.com/smart-plug-with-thread/WSP100.html
  14. https://web.archive.org/web/20221201141200/https://www.belkin.com/wifi-smart-outdoor-plug/WSP090.html
  15. https://www.belkin.com/p/scene-controller-with-thread/WSC010.html
Retrieved from "https://consumerrights.wiki/index.php?title=Wemo&oldid=9296"