Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

McAfee finds new way to break thing that shouldn't be on your home network in the first place

By Shaun Nichols in San Francisco


A security vulnerability in "smart" power plugs can be exploited to infiltrate local computer networks.

The flaw, spotted in Belkin's Wemo Insight smartplugs, would potentially allow an attacker not only to manipulate the plug itself, but also to hop to other devices connected to the same home Wi-Fi network.

Researchers at McAfee this week said they reported the remote code execution flaw, designated CVE-2018-6692, to Belkin in March.

The exploit stems from a buffer overflow in the Universal Plug and Play (UPnP) software the Wemo plug uses to connect to stuff via the Wi-Fi network, enabling the owner to do things like turn the plugs on and off with a smartphone or PC.

McAfee's research team of Douglas McKee, Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza found that when the flaw is abused to inject instructions into memory, the plug itself could not only be commandeered, but the UPnP service could also be accessed to send commands to other devices on the network, effectively making the plugs a network gateway for attackers.

"A smart plug by itself has a low impact. An attacker could turn off the switch or at worst possibly overload the switch," the team explained.

"But if the plug is networked with other devices, the potential threat grows. The plug could now be an entry point to a larger attack."

In this case, the team said, it was able to create a proof of concept that combined the Wemo security flaw with weaknesses in the Roku API application to send HTTP commands to the set-top box via the smartplug.

"Using the Wemo as a middleman, the attacker can power the TV on and off, install or uninstall applications, and access arbitrary online content," the researchers explained.

"Smart TVs are just one example of using the Wemo to attack another device. With the attacker having established a foothold on the network and able to open arbitrary ports, any machine connected to the network is at risk."
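
One way a defender could spot the pivot described above, as an added example that is not from McAfee's research or the original article: the Python below flags flow records in which a single-purpose IoT device initiates a connection to another host on the LAN. The addresses, ports, device inventory and flow records are all constructed for illustration, and it assumes each record lists the connection initiator as the source.

```python
import ipaddress

# All values below are constructed for illustration (not from the research).
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = "192.168.1.1"                       # router: DNS/DHCP for the LAN
IOT_DEVICES = {"192.168.1.50": "smart-plug"}  # single-purpose devices

# Flow records as (initiator IP, destination IP, destination port, protocol).
SAMPLE_FLOWS = [
    ("192.168.1.20", "192.168.1.50", 49200, "tcp"),    # phone -> plug control
    ("192.168.1.50", "192.168.1.1", 53, "udp"),        # plug -> gateway DNS
    ("192.168.1.50", "203.0.113.10", 443, "tcp"),      # plug -> vendor cloud
    ("192.168.1.50", "239.255.255.250", 1900, "udp"),  # UPnP/SSDP multicast
    ("192.168.1.50", "192.168.1.60", 8080, "tcp"),     # plug -> set-top box HTTP
]


def lateral_flows(flows, iot_devices=IOT_DEVICES, lan=LAN, allowed=(GATEWAY,)):
    """Return flows in which an IoT device initiates a connection to a LAN peer.

    A plug normally talks to its cloud service and answers its owner's phone;
    it has no reason to open connections to a TV or PC on the same network.
    """
    findings = []
    for src, dst, dport, proto in flows:
        if src not in iot_devices:
            continue                      # only IoT-initiated traffic matters here
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip not in lan or dst_ip == lan.broadcast_address:
            continue                      # internet, multicast, broadcast
        if dst in allowed:
            continue                      # expected infrastructure traffic
        findings.append({"device": iot_devices[src], "src": src,
                         "dst": dst, "dport": dport, "proto": proto})
    return findings


if __name__ == "__main__":
    for f in lateral_flows(SAMPLE_FLOWS):
        print("ALERT: {device} {src} -> {dst}:{dport}/{proto}".format(**f))
```

On a network where IoT devices sit on an isolated VLAN or guest SSID, the flagged flow would be blocked rather than merely logged.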

The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances, many IoT devices have little in the way of built-in network security.

Even when security measures are added to the devices, the third-party hardware used to make the appliances "smart" can itself contain security flaws or bad configurations that leave the device vulnerable.

"IoT devices are frequently overlooked from a security perspective; this may be because many are used for seemingly innocuous purposes such as simple home automation," the McAfee researchers wrote.

"However, these devices run operating systems and require just as much protection as desktop computers." ®
