09-22-2016 04:51 PM - edited 09-23-2016 09:19 AM
Wemo is aware of the recent security vulnerabilities reported by Scott Tenaglia at Invincea labs and has been working closely with their team to address and correct them.
The good news: the Android app vulnerability was fixed with the release of version 1.15.2 back in August.
The less good news: the firmware fix for the SQL injection vulnerability is still in the works and will be included in our next release, slated for October.
We want to reassure Wemo users that their devices remain safe to use as the vulnerability requires an attempted hacker to be physically present and connected to the same local area network as the Wemo devices. Nevertheless, we are working diligently to fix the issue and will continue to work with security researchers to ensure that Wemo is as secure as possible.