WEMO Application

Showing results for 
Search instead for 
Do you mean 
Reply
Posts: 6
Registered: ‎11-12-2016

How to secure my wemo insight switches for other wemo app users ?

Hello folks,

I just added some wemo insight switches to my household. After setting them up using the iOS app, I started to install the wemo app on the iPhone of my wife. I was wondering the wemo app was showing the devices I just installed to our house - without asking for any id, -account.
So actually I am quite unsure how to protect my devices from getting managed by anyone who is a) close to my wifi or b) everywhere In the world -as long as the option remote access over mobile network is used.

Is there any setup I am not aware of ?

Many thanks for your support guys !!

Best regards from Germany
Daniel
Posts: 6
Registered: ‎11-12-2016

Re: How to secure my wemo insight switches for other wemo app users ?

 
Posts: 496
Registered: ‎08-04-2014

Re: How to secure my wemo insight switches for other wemo app users ?

WeMo does not have account management. The only soulution I am aware of is not to give people you don't trust access to your main network - use Guest Access instead from where they will not see your WeMos unless they installed the WeMo App while connected to your main network. Just delete the App on their devices if  they have access and then only allow them yo connect to your Guest Network.

Posts: 6
Registered: ‎11-12-2016

Re: How to secure my wemo insight switches for other wemo app users ?

Hello Phil !
Many thanks for your feedback !
If this is the truth - and I am of course not saying you are lying or wrong, I am shocked about this. Even for the cheapest smar devices or tech gimmicks account management is standard. It's 2016 and the awareness of internet security is high enough to let people think about it even if they are not tech geeks.
Once someone joined my wifi and installed the app he is also able to manage the devices offsite. How creepy.
I will install a firewall and use a mac filter to ensure that only the communication between the wemo devices and the controlling devices (the phone of my wife's our daughter and mine) is possible.

This is a product of Belkin, it's not an unknown crazy cheap and never-heard-about-company.
But if they want to become this company I think they don't need to do anything, just keep goin' this way..

o hope there will be an update soon.
And I don't hope this for me as i am able to think about security by myself and am able to finde a way to define it practically - but i hope it for the other customers out there like my parents who told me how nice this is - but will never understand TCP/IP


Posts: 496
Registered: ‎08-04-2014

Re: How to secure my wemo insight switches for other wemo app users ?

[ Edited ]

Don't forget these devices have been available for 4 yeasrs or so - things have meved on and WeMo has not kept up. This is not dissimilar to other devices that have been arouRnd for a while - Sonos as an example, not that you can control them remotely like WeMo.

WEMO Maker Inventor
Posts: 1,702
Registered: ‎06-14-2014

Re: How to secure my wemo insight switches for other wemo app users ?

[ Edited ]

Equilibrium wrote:
Once someone joined my wifi and installed the app he is also able to manage the devices offsite. How creepy.
I will install a firewall and use a mac filter to ensure that only the communication between the wemo devices and the controlling devices (the phone of my wife's our daughter and mine) is possible.


Phil is absolutely correct.  Don't bother with MAC filtering, it's a useless security feature right up there with hidden SSIDs - both are a placebo and needlessly complicate setup.  Any modern device can find your hidden SSIDs and MAC spoofing is easy.  

 

Use a separate router, WPA2 and a strong password and you'll be fine (more or less).  For complete security block the WeMos  from reaching the internet (be careful as many home routers provide this feature but it doesn't actually work - be sure to test it).  If you need secure remote access you can use my app. This keeps you safe from bugs like this update-your-belkin-wemo-devices-before-they-become-botnet-zombies. IoT bots took down many sites on the internet a few weeks ago including this one.

Posts: 6
Registered: ‎11-12-2016

Re: How to secure my wemo insight switches for other wemo app users ?

Wow and hello Mike

What a great answer - I thank you so much !
Your method of keeping the switches in a 2nd wifi is way better and I will do so.
Without your link to the news site I would think this is a bit much only for some switches which are controlling a light in the garden but with the hacks the both Tengalia and Tenan are describing I am feeling very uncomfortable using this devices in our concrete wifi.
IoT really seems to be a big new playground for hackers and the positive effect of IoT is far behind the negative as long as us users are unaware of the security lacks and how to deal with it.
-
As you are able to see I am not skilled enough and comments like yours are going to help lots of people!

Unfortunately this knowledge will only come to those who are searching for security in a context to IoT - and there are so many using such switches but never heard about IoT btw.

Again, many thanks for your support and also to Phil

Best regards from Germany

Daniel
(Sorry for my english skills, I am training Smiley Happy )
Posts: 39
Registered: ‎05-20-2015

Re: How to secure my wemo insight switches for other wemo app users ?

I am clearly missing something here.  The concern is that you accidentally give someone the 16 digit WPA code to log onto your wifi.  They then return in the middle of the night, park outside your house and ...... turn your lights on.

 

Forgive me if I say that doesn't really bother me.  I'll just avoid giving people my WPA code.  And if it happens I'll just turn the lights back off again.  Not really up with people breaking into your house or hacking your bank account is it?

 

So what am I missing?

WEMO Maker Inventor
Posts: 1,702
Registered: ‎06-14-2014

Re: How to secure my wemo insight switches for other wemo app users ?

A friend comes by your home and you give them your wireless password.  While there they install and start the belkin app which discovers your wemos (ignoring for a minute how hard that often seems to be...).  They enable remote access and leave.  Their phone is now associated with your account in belkin's cloud giving them full control over your switches.

 

They can now do anything you can do - turn switches on and off, setup rules, rename your switches, etc.  Remotely - they don't need to be connected to your wifi.  So changing your password won't help.  There have been reports of wemos switching for no reason, and of people finding cameras they don't own on their cloud accounts.

 

Maybe your friends are just pratical jokers, no real harm done.  But if you're managing a vacation home and give access to the guests to the wifi and lighting you've got a problem.  And wemos are completely unsuited for commercial applications unless there's both a protected wifi network and no physical access to the devices.

 

The IoT problem is that these devices by design call OUT from your network to the internet bypassing your firewall.  If the devices OR the manufacturer's cloud is successfully hacked, or if the hackers have access to your devices for a short time, they could be reprogrammed to connect somewhere else and/or turned into DDoS bots or worse.  They can become a bridge from the internet back into your wifi network, and depending on the sophistication of the device itself, can do all manner of snooping.

 

Posts: 496
Registered: ‎08-04-2014

Re: How to secure my wemo insight switches for other wemo app users ?

[ Edited ]

You then disable Remote Access for that device under Settings?