Wemo: Difference between revisions - Consumer Rights Wiki

Line 1:

~~{{Under_Development~~

~~| date = 2-19-2025~~

~~| stage = Early development~~

~~| priority = Medium~~

}}

{{InfoboxCompany

| Name = {{PAGENAME}}

Line 17:

Line 12:

==Consumer impact summary==

[[File:WEMO account closure.PNG|thumb|right|alt=|Screenshot of account closure screen.]]

~~{{Placeholder box|Overview of concerns~~ that ~~arise from~~ the ~~company's conduct regarding (if applicable):~~

Through the app, users can delete their account by pressing the "close account" button, which will warn that Wemos cannot be controlled through the app once account data is deleted. The devices can also work by only using the Apple Home app, which does not require a Wemo account to set up.

* User Freedom

* User Privacy

Since 2022, the [https://www.belkin.com/legal/privacy-policy/ privacy policy] of Belkin and Wemo have merged, sharing the same terms with each other. The data collected on users includes __. Belkin shares this info with marketing partners unless the user opts-out.<ref>https://www.belkin.com/legal/privacy-policy/#marketing-anchor</ref> Users are allowed to make requests to access, withdraw consent, object, and delete most of the information Belkin has collected on them.<ref>https://www.belkin.com/legal/privacy-policy/#your-rights-in-relation</ref> Belkin states they may need to hold onto information to "Defending Belkin against legal claims" or "Needing to respond to customer complaints and queries".<ref>https://www.belkin.com/legal/privacy-policy/#retention-of</ref>

* Business Model

* Market Control}}

The business model of Wemo is to sell smart home devices without the user paying for a subscription service. Although this may seem like a pro-consumer move, the Wemo experience has been diminished due to the lack of income streams. According to the App Store, the app once had a 3-year window without updates, which lasted between February 23, 2021 and May 28, 2024 (the current version as of February 24, 2025).<ref name="AAS">https://apps.apple.com/us/app/wemo/id511376996</ref>

~~Through~~ the ~~app~~, ~~users can delete their account by pressing~~ the ~~"close account" button, which will warn that all account data will be deleted~~.

Market control of Wemo has been decreasing over the years, as Wemo is only selling three devices<ref>https://web.archive.org/web/20240225173134/https://www.belkin.com/products/wemo-smart-home/</ref>, down from nine the year prior.<ref>https://web.archive.org/web/20230201232551/https://www.belkin.com/products/wemo-smart-home/</ref>

==Incidents==

Line 29:

Line 24:

On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref>

On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network"<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> and "We discontinued the Wemo Mini Smart Plug v2 (F7C063) in 2020"<ref>https://x.com/WEMOcares/status/1658963635882938374</ref>, despite not making this information publicly available prior. During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref~~>https:~~/~~/apps.apple.com/us/app/wemo/id511376996</ref~~>

On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network"<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> and "We discontinued the Wemo Mini Smart Plug v2 (F7C063) in 2020"<ref>https://x.com/WEMOcares/status/1658963635882938374</ref>, despite not making this information publicly available prior. During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021, as previously mentioned.<ref name="AAS" />

==Products==

@@ Line 1: / Line 1: @@
 {{Incomplete}}
-{{Under_Development
-| date = 2-19-2025
-| stage = Early development
-| priority = Medium
-}}
 {{InfoboxCompany
 | Name = {{PAGENAME}}
@@ Line 17: / Line 12: @@
 ==Consumer impact summary==
 [[File:WEMO account closure.PNG|thumb|right|alt=|Screenshot of account closure screen.]]
-{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
+Through the app, users can delete their account by pressing the "close account" button, which will warn that Wemos cannot be controlled through the app once account data is deleted. The devices can also work by only using the Apple Home app, which does not require a Wemo account to set up.
-* User Freedom
-* User Privacy
+Since 2022, the [https://www.belkin.com/legal/privacy-policy/ privacy policy] of Belkin and Wemo have merged, sharing the same terms with each other. The data collected on users includes __. Belkin shares this info with marketing partners unless the user opts-out.<ref>https://www.belkin.com/legal/privacy-policy/#marketing-anchor</ref> Users are allowed to make requests to access, withdraw consent, object, and delete most of the information Belkin has collected on them.<ref>https://www.belkin.com/legal/privacy-policy/#your-rights-in-relation</ref> Belkin states they may need to hold onto information to "Defending Belkin against legal claims" or "Needing to respond to customer complaints and queries".<ref>https://www.belkin.com/legal/privacy-policy/#retention-of</ref>
-* Business Model
-* Market Control}}
+The business model of Wemo is to sell smart home devices without the user paying for a subscription service. Although this may seem like a pro-consumer move, the Wemo experience has been diminished due to the lack of income streams. According to the App Store, the app once had a 3-year window without updates, which lasted between February 23, 2021 and May 28, 2024 (the current version as of February 24, 2025).<ref name="AAS">https://apps.apple.com/us/app/wemo/id511376996</ref>
-Through the app, users can delete their account by pressing the "close account" button, which will warn that all account data will be deleted.
+Market control of Wemo has been decreasing over the years, as Wemo is only selling three devices<ref>https://web.archive.org/web/20240225173134/https://www.belkin.com/products/wemo-smart-home/</ref>, down from nine the year prior.<ref>https://web.archive.org/web/20230201232551/https://www.belkin.com/products/wemo-smart-home/</ref>
 ==Incidents==
@@ Line 29: / Line 24: @@
 On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref>
-On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network"<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> and "We discontinued the Wemo Mini Smart Plug v2 (F7C063) in 2020"<ref>https://x.com/WEMOcares/status/1658963635882938374</ref>, despite not making this information publicly available prior. During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>
+On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network"<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> and "We discontinued the Wemo Mini Smart Plug v2 (F7C063) in 2020"<ref>https://x.com/WEMOcares/status/1658963635882938374</ref>, despite not making this information publicly available prior. During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021, as previously mentioned.<ref name="AAS" />
 ==Products==