11-12-2016 05:00 AM
11-12-2016 09:52 AM
WeMo does not have account management. The only soulution I am aware of is not to give people you don't trust access to your main network - use Guest Access instead from where they will not see your WeMos unless they installed the WeMo App while connected to your main network. Just delete the App on their devices if they have access and then only allow them yo connect to your Guest Network.
11-12-2016 03:53 PM
11-12-2016 04:17 PM - edited 11-12-2016 04:19 PM
Don't forget these devices have been available for 4 yeasrs or so - things have meved on and WeMo has not kept up. This is not dissimilar to other devices that have been arouRnd for a while - Sonos as an example, not that you can control them remotely like WeMo.
11-12-2016 05:41 PM - edited 11-12-2016 05:43 PM
Once someone joined my wifi and installed the app he is also able to manage the devices offsite. How creepy.
I will install a firewall and use a mac filter to ensure that only the communication between the wemo devices and the controlling devices (the phone of my wife's our daughter and mine) is possible.
Phil is absolutely correct. Don't bother with MAC filtering, it's a useless security feature right up there with hidden SSIDs - both are a placebo and needlessly complicate setup. Any modern device can find your hidden SSIDs and MAC spoofing is easy.
Use a separate router, WPA2 and a strong password and you'll be fine (more or less). For complete security block the WeMos from reaching the internet (be careful as many home routers provide this feature but it doesn't actually work - be sure to test it). If you need secure remote access you can use my app. This keeps you safe from bugs like this update-your-belkin-wemo-devices-before-they-become-botnet-zombies. IoT bots took down many sites on the internet a few weeks ago including this one.
11-12-2016 06:21 PM
11-13-2016 04:02 AM
I am clearly missing something here. The concern is that you accidentally give someone the 16 digit WPA code to log onto your wifi. They then return in the middle of the night, park outside your house and ...... turn your lights on.
Forgive me if I say that doesn't really bother me. I'll just avoid giving people my WPA code. And if it happens I'll just turn the lights back off again. Not really up with people breaking into your house or hacking your bank account is it?
So what am I missing?
11-13-2016 06:50 AM
A friend comes by your home and you give them your wireless password. While there they install and start the belkin app which discovers your wemos (ignoring for a minute how hard that often seems to be...). They enable remote access and leave. Their phone is now associated with your account in belkin's cloud giving them full control over your switches.
They can now do anything you can do - turn switches on and off, setup rules, rename your switches, etc. Remotely - they don't need to be connected to your wifi. So changing your password won't help. There have been reports of wemos switching for no reason, and of people finding cameras they don't own on their cloud accounts.
Maybe your friends are just pratical jokers, no real harm done. But if you're managing a vacation home and give access to the guests to the wifi and lighting you've got a problem. And wemos are completely unsuited for commercial applications unless there's both a protected wifi network and no physical access to the devices.
The IoT problem is that these devices by design call OUT from your network to the internet bypassing your firewall. If the devices OR the manufacturer's cloud is successfully hacked, or if the hackers have access to your devices for a short time, they could be reprogrammed to connect somewhere else and/or turned into DDoS bots or worse. They can become a bridge from the internet back into your wifi network, and depending on the sophistication of the device itself, can do all manner of snooping.