Abusing the Internet of Things

(Rick Simeone) #1
Hello Lon,
Thanks for taking the time to review the WeMo Audio Baby monitor. We appreciate your security
concerns and would like to respond to the issues you raise. For homes that use a password for their
WiFi, our product is as secure as any item on that network. For someone to get access to the baby
monitor a person would need to discover that password. For homes without a password we recom-
mend they implement one for the general security of everything they do on their home network. We
are adding this recommendation to our Frequently Asked Questions.
As you correctly identified, families are able to give access to others by sharing their WiFi password
with trusted friends or family members. We believe this is a positive feature of the system and
expect people will treat the sharing of this password with care as it gives access to their home net-
work. However for those who are concerned, when logged onto the baby monitor, it’s possible to
disable the remote access of others if uncomfortable with having others listening.
If you have any other feedback you would like to share with us we are always happy to hear it.
Please write us at [email protected].
Best Regards,
Belkin Support

As we add additional IoT devices to our homes, the reliance on WiFi security becomes a
hard sell. Given the potential impact on our physical privacy and safety, it’s difficult to stand
by the argument that all bets are off once a single device (computer or IoT device) is compro-
mised. Many homes in developed countries are bound to have dozens of remotely controllable
IoT devices in the future. The single point of failure can’t be the WiFi password. What’s more,
a compromised computer or device will already have access to the network, so a remote
attacker will not need the WiFi password. This point takes us to the issue of malware, which is
discussed in the next section.


Malware Gone Wild


It is not uncommon for workstations and laptops in homes to become infected with malware
at some point. Given the prevalence of malware, operating systems are increasingly starting to
be designed with firewalls turned on by default. The intention behind this notion is that devi-
ces on the same local network should not inherently trust that every other device is also
secure.
Now consider the case of the WeMo Baby. Should any device on the local WiFi network
be compromised, malware can easily obtain authorization on behalf of the malware author by
following these simple steps:


1.Locate the WeMo Baby on the local network using SSDP.
2.Issue a GET request to /setup.xml to obtain the serialNumber.
3.Issue a POST request to /upnp/control/remoteaccess1 with a self-chosen DeviceID.

CHAPTER 3: ASSAULTING THE RADIO NURSE—BREACHING BABY MONITORS AND

(^76) ONE OTHER THING

Free download pdf