Belkin WeMo remote shell and rapid state change exploit

Published on Jan 29, 2013

Belkin WeMo with latest firmware. Able to gain full root access and send commands including changing the state of connected device via flaw in UPnP implementation. Chose a small desk lamp and simple on/off sequence due to safety concerns. Real world this could be a fan or space heater and rapidly turn on/off without limitation. Updates with PoC soon to come.

via Belkin WeMo remote shell and rapid state change exploit – YouTube.

Stuff like this amaze me.  Again.  Just because you can put an IP stack on something doesn’t mean you should!  Below is a video showing how to break in to this device that simply controls an electric outlet.  He uses Backtrack 5 to break in.   Backtrack is a very useful set of security research tools.  The video inspires me to fire up my copy and break into something.  :-)