
Turning the Belkin WeMo Into a Deathtrap 146

Posted by timothy
from the they-keep-poltergeisting-me! dept.
Okian Warrior writes "As a followup to yesterday's article detailing 50 Million Potentially Vulnerable To UPnP Flaws, this video shows getting root access on a Belkin WeMo remote controlled wifi outlet. As the discussion notes, remotely turning someone's lamp on or off is not a big deal, but controlling a [dry] coffeepot or space heater might be dangerous. The attached discussion also points out that rapidly cycling something with a large inrush current (such as a motor) could damage the unit and possibly cause a fire." In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?

  • by Anonymous Coward on Thursday January 31, 2013 @05:38PM (#42755465)

    Please, please, learn some common sense.

    Never have a heater like that unattended, it's just not safe.

    • by pushing-robot (1037830) on Thursday January 31, 2013 @05:46PM (#42755557)

      Agreed. Heaters should never be left unattended.

      Always put them on a timer, or better yet, a remote-controlled outlet you can monitor and control from anywhere.

      I have a Belkin unit that works great. Highly recommended!

      • Space heaters have temp and tip over switches that can turn it off.

        • by X0563511 (793323)

          Both (well, the tip switch anyways) are mechanical and can fail. They certainly help but should not be depended on.

        • Space heaters often have no thermostat on them. They are either off, or on, and they are either high or low setting. Thermostats are relatively expensive, especially a reliable thermostat. It's the first place cheap space heater manufacturers attempt to cut costs.

          Tip over switches can fail. I've seen them fail enough times that I'll never rely on one. A little dirt, some lint, a couple years of corrosion, and magically, the damned switch just doesn't work.

    • by pla (258480)
      Aww, I only want to make my bathroom nice and toasty by remote control before I get out of bed, you cretin! :)

      But yeah, seriously. Great tool for lights or remotely cycling power to a home server. Dumb dumb dumb idea to connect anything intended to make large amounts of heat (coffee pot) or dangerous motions (table saw).

      Oddly, I thought UL/CE wouldn't approve products like this specifically for that reason - That we simply can't trust most people to have the common sense not to try to remote-start the
      • by babywhiz (781786)

        Why would you not base it on inside/outside temperature? Seems to me that is easiest than remote control....

        • by babywhiz (781786)

          Or...easier than....my brain is fried today...

        • by plover (150551)

          Why would you not base it on inside/outside temperature? Seems to me that is easier than remote control....

          Because not every application needs to heat based on the ambient temperature (that just takes a thermostat). Usage enters into it as well.

          I have a friend with an unheated airplane hangar, and an antique prop-start plane he flies once or twice a week. He has a magnetically attached heater for warming the engine oil prior to starting it in cold weather (really useful when you have to spin it by hand.) Because of the risk and expense of operating a heater unattended, he wants to power it as little as possib

          • by Obfuscant (592200)

            Because of the risk and expense of operating a heater unattended, he wants to power it as little as possible. Since he needs to turn the heater on about an hour before he flies, and he lives about half an hour from the airport, this is the perfect application for a remotely controlled switch to operate a heater.

            Because of the risk of running the heater unattended, he puts it on a remote controlled switch so he can run it unattended? Attached to a valuable thing like an airplane? That's filled with flammable stuff called "avgas"? And may be covered in fabric coated in dope?

            Wow.

            What happens when he's forgotten to attach the heater before he leaves and then turns it on remotely? Or it comes loose from the engine and is laying in the engine compartment against a spar or fabric cover?

          • by cusco (717999)
            If your friend has a commercial access control system installed in the hangar drop me an email and I can give some instructions on how to set it up to do just that. We had a salescritter who told a customer that his access control system could do everything except make his coffee for him in the morning. Just to show off the customer got playing around and set his coffee pot up so that it would start brewing when he swiped his badge at the main entrance in the morning.
            • by plover (150551)

              Thanks. It's just a private hangar built 70 years ago, and I think he's pleased that someone added electricity back in the 1970's. Since he's a l33t h4x0r, he's building an Arduino connected to a GSM module to trigger it via secret SMS message.

      • by DriveDog (822962)
        I use a belt sander on a remote switch to pull a string that turns on the space heater. Once it gets to the end of its cord, it pulls it loose to turn itself off. The dust gets to be a problem, the floor needs a new coat of polyurethane, and the cats never come down from the hanging light fixtures. The belt sander draws quite a bit of current itself, but only momentarily.
  • by Anonymous Coward on Thursday January 31, 2013 @05:42PM (#42755505)

    One of the worst tech support nightmares I experienced was remotely diagnosing why the Point of Sale servers kept shutting off at the same time every week. It turned out that the outlet the battery backup was plugged into was connected to a light switch that the weekly cleaning people turned off - weekly. When support came into the room, what was the first thing they did? Turn on the lights!

    Imagine power cycling all the outlets in a server room - over and over and over!

    • A story I read once, no idea if it's true:

      A mainframe at a university would shut down with no warning, usually a little after midnight, then a few minutes later power back up. Nobody could figure out why. Finally, some desperate grad students decided to sit and watch the computer in person and see what happens. And what they saw at the appointed hour was a janitor coming in and unplugging the power cord so he could plug in his vacuum cleaner.

      • My boss had the very same thing happen at a department store he used to work at, it's probably not that uncommon for places without a proper, secured server room.

      • by DriveDog (822962)

        Mine are a little different, and are true. Every morning for a week we came in to find the HP mini had crashed after midnight. Turned out that the A/C was on a circuit in common with another tenant, which was being shut off for some construction in the wee hours every morning. The mini would run for a while until overheating caused errors leading to a crash. There was an independent circular paper chart recorder, but I can't remember why it didn't lead us to suspect overheating. Maybe it was out of paper or

      • by cusco (717999)
        I can believe it. We have had quite a few customers who were irate at getting alarms in the middle of the night. More than once we've had to go back through the video record (and in one case set up a temporary recorder) and show them that it was the cleaning people using a brass key instead of the keycard they had been issued.
  • How about turning off the lights of a house before the burglar or attacker invades? It could cause a lot more confusion and danger for the home owners.
    • "Hello, 911? I am trapped in my house at 123 Main St. by a gang of armed robbers. I'll blink a lamp to let you know a good time to break down the front door. I'm hiding under a bed, so shoot anyone else."

      • by plover (150551)

        I downloaded a home automation script for my Vera that flashes the front lights rapidly in case of emergency; and I can trigger it to signal the first responders. (It tests OK on a lamp, but I've never had an emergency requiring me to actually use it.)

    • Honestly, it's easier to just pull the meter.
    • or they can just clap to turn them back off

  • Say no more. Say no more...

  • by Anonymous Coward on Thursday January 31, 2013 @05:47PM (#42755563)

    Forcing someone's DVR to record and play Jersey Shore.

    • Forcing someone's DVR to record and play Jersey Shore.

      You'd do me a favor! I love to watch Jersey Shore!
      *Looks at DVD collection*
      Oh wait, that's Jersey Whore which I like so much. Sorry, my bad.

  • You could cause a poor person's electricity bill to increase so much that they cannot afford medical care, or the utility company cuts off their heat and they freeze to death.

    • Change the neighbor's water heater set point. Do it overnight and return to the original set point again in the morning when they might check it. Ramp it up / down over a few weeks just for fun. When the repair guy shows up, make an offer to buy the old one just to see if you can "fix" it.
    • by cusco (717999)
      Actually they'd probably get a visit from the SWAT team first. Utility companies are required to notify police of unexpectedly high electricity bills so that they can raid pot growing operations.
  • Subtlety. (Score:4, Funny)

    by pla (258480) on Thursday January 31, 2013 @05:51PM (#42755621) Journal
    In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?

    Turn off the fridge after the victim goes to work for the day, and turn it back on about an hour before they get home.

    Repeat until they die... of Botulism! <Cue evil laugh>
    • by griffjon (14945)

      You laugh, but in Peace Corps I actually had a fridge whose thermostat controls were dead, so it operated at either full-blast (freezing everything) or unplugged. I abused an x10 plug and a timing script run off a computer to cycle it on and off over the course of the day to regulate it. Never died!

      I think the most nefarious thing would be to turn off automatic coffee-makers ~ 15 seconds after they'd started, so the grounds are soaked and warm (i.e. ruined*), and there's no coffee.

      * For anyone who consider

      • You laugh, but in Peace Corps I actually had a fridge whose thermostat controls were dead, so it operated at either full-blast (freezing everything) or unplugged. I abused an x10 plug and a timing script run off a computer to cycle it on and off over the course of the day to regulate it. Never died!

        I think the most nefarious thing would be to turn off automatic coffee-makers ~ 15 seconds after they'd started, so the grounds are soaked and warm (i.e. ruined*), and there's no coffee.

        That would be grounds for fully justified homicide. No jury in the 1st World would convict.

      • by tlhIngan (30335)

        I think the most nefarious thing would be to turn off automatic coffee-makers ~ 15 seconds after they'd started, so the grounds are soaked and warm (i.e. ruined*), and there's no coffee.

        * For anyone who considers having an automated coffee pot with grounds in it overnight not /already/ a ruined coffee experience, that is.

        In an office, I'd set it so it'll shut off after 1 minute so there's half a cup of coffee in there.

        Not only will there never be enough for a full cup, but the person who discovers it has to

  • I just visited the WeMo web pages and couldn't find any technical information about what watt or amperage limits on it are.

    I have a hard time believing that it can handle a 1500 watt heater.

  • A suicidal performance artist using it to have himself anonymously murdered.

  • Turn off a co-worker's alarm before a big event. Nasty.
    • by Obfuscant (592200)

      Turn off a co-worker's alarm before a big event. Nasty.

      If your co-worker has his alarm clock on a switched outlet of any kind, that says a lot about the level of intelligence your company requires for people doing your job.

      • by DriveDog (822962)

        I guess we have low standards, then. My radio is switched by a wall module controlled by an X10 clock. And yes, I realize that anyone could plug an X10 transmitter into my outdoor socket and wake me up with the radio anytime they wanted or flash the lights.

  • by TheSkepticalOptimist (898384) on Thursday January 31, 2013 @06:08PM (#42755825)

    ...is that homes often house stupid people.

  • Asimo killing his human master by dropping a toaster into his bathwater.
    • by PopeRatzo (965947)

      This could be dangerous.

      Suppose someone were to turn on the power remotely to the leads connected to our cast-iron bathtub when my wife takes her bath at approximately 9pm (CST) every night. Suppose this happened tomorrow when I'm out bowling.

      It could be tragic! Despite my having taken out a $1.5million life insurance policy for her, I'm not sure I could go on (though I know she'd want me to).

  • by westlake (615356) on Thursday January 31, 2013 @06:21PM (#42756027)

    An early episode of "Perry Mason" (ca 1959) turned on the use of an R/C device to manipulate an antiquated gas space heater, establishing an alibi for the killing.

    When the inventor of the gadget became a plausible suspect, Mason had the gas line inspected for undocumented repairs. In the end, that made it obvious the real killer had to be the first one to discover the body --- giving himself enough time to remove the device and cover his tracks.

  • Belkin's actually advertising it for the very purpose they're worried about:
    http://belkinwemo.tumblr.com/post/32629402162/did-i-turn-it-off-i-must-have-turned-it-off-did [tumblr.com]

    Plug in dangerous things so you can be sure they're turned off by checking your phone.

  • Cycling an air conditioner quickly can do bad things quickly if the air conditioner itself doesn't have modern controls to limit power cycling. That can get very expensive, though I don't necessarily think it is dangerous.

    • Any air conditioner without both overload trips and compressor short cycling protection is almost certain to be dead of old age already..

  • Most nefarious use? Turning off the coffee pot in the morning.
  • by Sir_Eptishous (873977) on Thursday January 31, 2013 @06:47PM (#42756329) Homepage
    Home Automation apologists, flame away!

    I think things like this are the tip of an emerging iceberg relating to the ip-ification of everything:
      • You haven't upgraded the firmware in your garage door opener?
      • Did you properly set permissions on your gas furnace?
      • Which version of the HomeSafe *nix Kernel are you running in your UPnP'd entertainment system?

    etc; etc;

    To me, all Home Automation does is increase complexity and security risks for some specious conveniences.
    Maybe it's just me, but I would rather have to remember that I'm out of Mayo, than have an ip'd fridge send a message to my Android that I need to pick it up at the store.

    • by Spamalope (91802)

      • You haven't upgraded the firmware in your garage door opener?

      You're forgetting all of the 'product enhancement' opportunities with selling a defective but update-able product!

      There is an active security exploit you better update right away. Thieves are driving through neighborhoods opening garage doors to steal everything right now! Click 'I Agree *' or we'll block your install!

      * By installing this update you agree that we can play doubleclick advertisements via the included loudspeaker each time the door is triggered. Your home entry and exit times will be log

  • by pbjones (315127)

    turning their computer off before they save a document, then turning it back on, so they blame Windoze.

  • by Avidiax (827422) on Thursday January 31, 2013 @07:50PM (#42756889)

    1. Root these devices, and synchronize their clocks
    2. Turn them all off
    3. Monitor the power network for a temporary increase in voltage (since load was suddenly shed)
    4. Just as the voltage gets back to normal, turn all the devices on.
    5. Watch the power network for a temporary decrease in voltage (since load was suddenly added)
    6. Just as the voltage gets back to normal, turn all the devices off.
    7. Once you have found the resonant frequency of corrections to the electrical grid, tell all the devices to cycle at that frequency.
    8. If there is enough load handled by these devices, the system may oscillate so heavily that voltage is far outside of normal, causing overheating or fires (either too high voltage for resistive loads or too low voltage for inductive loads), excessive vibration, design parameter excursions, etc.

  • I've been using home automation since the 80's (damn, that's a long time ago) in the dark ages of X10.
    As with many systems, there are some important questions to keep in mind:
    Does this system or particular controlled device have benign failure modes? The answer better be "Yes!"
    How do I secure access to the system? (Hint: don't connect it directly to the Internet!)
    Does this system have a master OFF switch and easily useable manual controls? (Think COLOSSUS Forbin Project - again, the answer better be "Y
  • There I was, deep in dreamland one night when, from my server room I heard a faint beeping noise at regular intervals... Groggy, I wake up, totter over to the 'server room' door (spare bedroom) and have a gander. In a groggy state it took me a moment in the dark to perceive what was going on, the APC UPS was power cycling the server and other ancillary items at a regular interval, turns out, when the battery goes south, the UPS just crowbars the AC and reboots (repeat...). Now, HD's were connected to the se

  • I'm assuming one room with at least 2 WeMos for simplicity's sake... As preparation, I'd have to place wireless cameras at the windows and make sure I can see every angle from my Base Of Evil Operations.

    I'd let the lights behave normally for about the first 10 minutes they're turned on with somebody in the room, then make one "flicker" (like an electrical issue might cause) and shut off. Wait for the person to approach the light, turn that WeMo back on, wait for them to head back to wherever they were at,

  • Remotely turn off the fence so the raptors can get out.
  • I was thinking of making a system that would allow an aged family member to call for help to the other family members by simply shouting, for example if he had a bad fall and couldn't get up. The system would also tell him the time also vocally, could initiate a skype call, etc.
    I have actually seen a product by a European startup that is designed to do something similar (I believe you knock on a wall..)
    Such home systems to care for the aged would be hosed.

  • a large inrush current (such as a motor)

    LED Lighting and the drivers that run them have a significantly larger inrush current than incandescent lighting ( http://ledsmagazine.com/features/9/3/7/EcosystemFig3 [ledsmagazine.com] ). I'd be more concerned about that than a motor.

    This "feature" of LED lighting was not something that was initially taken into account.

  • Wait until normal peak usage, turn everything off for a bit and keep it off, then turn everything on at the same time. Collapse the grid.

  • Ah, takes me back to High School.

    I went to a special (no jokes, please!) city-wide high school (Cass Tech, in Detroit) in the 70's, way before the trend toward this sort of thing. (Cass Tech was actually established in the 1920's, in cooperation with the auto industry.) I had 8 semesters of Electronics in high school.

    One of my classes was taught by Walter Downs, also known for some reason by his students as "Wally Gator". (A popular TV cartoon character at the time.) Wally ... er, Walter... was from Baltimor

  • I rest my case.
