back to article Boffins turn phone into tracker by abusing pairing with – that's right – IoT kit

Security researchers have worked out how to hack into a smartphone and turn it into a tracking device by abusing its pairing with a Belkin home automation device. Joe Tanen and Scott Tenaglia of Invincea Labs were able to root a WeMo device before injecting code into the WeMo Android app from a compromised WeMo device. The …

  1. tiggity Silver badge

    Novel

    Good to see an IoT vendor actually making an effort to have a patch release system & make any effort to fix security issues.

  2. Anonymous Coward
    Anonymous Coward

    What can one do when it's no longer politically correct to demonise remoaners, leavers, Muslims, Christians, Jews, Hispanics, Latinos, Mexicans, Blacks, Whites, cops, citizens, fat folk, skinnies, Democrats, Republicans, left handed, right handed, anyone really?

    That's right; demonise IoT.

    1. Nik 2

      I tell you, we should be careful before we demonise the IoT. These things will have their revenge...

      1. John Brown (no body) Silver badge
        Terminator

        "These things will have their revenge..."

        You forgot the icon.

    2. DropBear
      Joke

      I have to admit I find Sam and Fuzzy's possessed demonic fridge from a decade ago eerily prescient...

  3. kyndair

    IoT kit is kinda insecure - just like lava is kinda warm

    The sooner we get some minimum security standards for the IoT (e.g. new username and password required on first bootup) the sooner we can get back to enjoying robots doing all the work for us

  4. Paul

    good guys Belkin, instead of suing the people finding these faults and thus suppress the knowledge, they fix it.

    if I was in the market to buy IoT stuff, I'd be putting Belkin at or near the top of my list.

  5. Anonymous Coward
    Anonymous Coward

    It's Used, not abused.

    "....involved abusing normal functionality..."

    It involved using normal functionality. If you leave your door open and burglars open it and walk in it is never reported as "Burglars abused the doors normal functionality."

    1. Jeffrey Nonken

      Re: It's Used, not abused.

      Hmm. If they picked the lock, though, it could be considered abuse of the normal function.

      Or perhaps, since we're doing home break-in analogies, that would be climbing in through a window accidentally left open.

  6. Timo

    what is the uptake rate on the patched software?

    So Belkin spends the time and money to issue updates to their software, which is promising, but how is that handled? Do the devices automatically update or does it require the user to do it? Publishing a software update is a necessary step but doesn't guarantee that it will be installed. How many people that buy those light switches are going to be mindful of updating, if the thing works (as far as they can tell)?

    1. Adrian 4 Silver badge

      Re: what is the uptake rate on the patched software?

      And if you bought an IoT light switch, would you really permit the manufacturer to update it without your permission ?

      I don't even let that happen to things that I don't rely on (like computers) let alone things that are important to my comfort and safety.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022