11-02-2016 02:32 PM
This note is in regards to the Forbes.com article discussing Wemo security posted on November 2nd, 2016. We have posted about this topic previously on our communities here.
Wemo is aware of the recent security vulnerabilities reported by the team at Invincea labs and has issued fixes to address and correct them. The Android app vulnerability was fixed with the release of version 1.15.2 back in August, and the firmware fix (versions 10884 and 10885) for the SQL injection vulnerability went live on November 1st.
We want to reassure Wemo users that their devices remain safe to use as, even before the fixes were issued, both vulnerabilities required an attempted hacker to be physically present and connected to the same local area network as the Wemo devices, and were not remotely exploitable. We, as always, will continue to work with security researchers to address any security issues that are identified.