Slashdot Mirror
Turning the Belkin WeMo Into a Deathtrap
Okian Warrior writes "As a followup to yesterday's article detailing 50 Million Potentially Vulnerable To UPnP Flaws, this video shows getting root access on a Belkin WeMo remote controlled wifi outlet. As the discussion notes, remotely turning someone's lamp on or off is not a big deal, but controlling a [dry] coffeepot or space heater might be dangerous. The attached discussion also points out that rapidly cycling something with a large inrush current (such as a motor) could damage the unit and possibly cause a fire." In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?
Please, please, learn some common sense.
Never have a heater like that unattended, it's just not safe.
One of the worst tech support nightmares I experienced was remotely diagnosing why the Point of Sale servers kept shutting off at the same time every week. It turned out that the outlet the battery backup was plugged into was connected to a light switch that the weekly cleaning people turned off - weekly. When support came into the room, what was the first thing they did? Turn on the lights!
Imagine power cycling all the outlets in a server room - over and over and over!
Charlie Luther's just getting started...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
*misreads as red-head
Well..the topic is 'plug and play'
How about turning off the lights of a house before the burglar or attacker invades? It could cause a lot more confusion and danger for the home owners.
This space for rent, inquire within.
Say no more. Say no more...
Please do not read this sig. Thank you.
Forcing someone's DVR to record and play Jersey Shore.
I'm pretty sure that was not one of Bruce Schneier's movie plots ... at least not one he wrote down.
You could cause a poor person's electricity bill to increase so much that they cannot afford medical care, or the utility company cuts off their heat and they freeze to death.
"Hello, 911? I am trapped in my house at 123 Main St. by a gang of armed robbers. I'll blink a lamp to let you know a good time to break down the front door. I'm hiding under a bed, so shoot anyone else."
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?
Turn off the fridge after the victim goes to work for the day, and turn it back on about an hour before they get home.
Repeat until they die... of Botulism! <Cue evil laugh>
space heater have temp and tip over switches that can trun it off.
I just visited the WeMo web pages and couldn't find any technical information about what watt or amperage limits on it are.
I have a hard time believing that it can handle a 1500 watt heater.
A suicidal performance artist using it to have himself anonymously murdered.
Turn off a co-worker's alarm before a big event. Nasty.
mu
...is that homes often house stupid people.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Asimo killing his human master by dropping a toaster into his bathwater.
and some may come over and thing it's that odd looking power strip must of gone bad and is cutting in and out.
or they can just clap to trun them back off
An early episode of "Perry Mason" (ca 1959) turned on the use of an R/C device to manipulate an antiquated gas space heater, establishing an alibi for the killing.
When the inventor of the gadget became a plausible suspect, Mason had the gas line inspected for undocumented repairs. In the end, that made it obvious the real killer had to be the first one to discover the body --- giving himself enough time to remove the device and cover his tracks.
Belkins actually advertising it for the very purpose they're worried about:
http://belkinwemo.tumblr.com/post/32629402162/did-i-turn-it-off-i-must-have-turned-it-off-did
Plug in dangerous things so you can be sure their turned off by checking your phone.
Yes, there's probably someone out there who won't realize their appliances are online, and then these devices start doing things on their own all of a sudden. It will be ghosts, goblins, shenanigans, and lulz for all.
One day at noon a few months ago, my wife was in our kitchen watching a TV show about paranormal activity of some sort or other. At the same time, being unaware that she had gone home for lunch, I was demonstrating my home automation setup to a co-worker by flicking the kitchen lights on and off from my phone.
She is so cool. She immediately assumed I was playing with the home automation. The thought of it being ghosts synchronized with the TV show simply amused her.
I married well.
John
Cycling an air conditioner quickly can do bad things quickly if the air conditioner itself doesn't have modern controls to limit power cycling. That can get very expensive, though I don't necessarily think it is dangerous.
Most nefarious use? Turning off the coffee pot in the morning.
The television will not be revolutionized.
I think things like this are the tip of an emerging ice berg relating to the ip-ification of everything:
etc; etc;
To me, all Home Automation does is increase complexity and security risks for some specious conveniences.
Maybe it's just me, but I would rather have to remember that I'm out of Mayo, than have an ip'd fridge send a message to my Android that I need to pick it up at the store.
We play the game with the bravery of being out of range
turning their computer off before they save a document, then turning it back on, so they blame Windoze.
There was an unknown error in the submission.
"She is so cool. She immediately assumed I was playing with the home automation. The thought of it being ghosts synchronized with the TV show simply amused her.
I married well."
Yeah, rub it in harder, will you?
"She is so cool. She immediately assumed I was playing with the home automation. The thought of it being ghosts synchronized with the TV show simply amused her.
I married well."
Yeah, rub it in harder, will you?
My wife's a programmer.
Do not mock my vision of impractical footwear
All wives are programmers.
Kid-proof tablet..
1. Root these devices, and synchronize their clocks
2. Turn them all off
3. Monitor the power network for a temporary increase in voltage (since load was suddenly shed)
4. Just as the voltage gets back to normal, turn all the devices on.
5. Watch the power network for a temporary decrease in voltage (since load was suddenly added)
6. Just as the voltage gets back to normal, turn all the devices off.
7. Once you have found the resonant frequency of corrections to the electrical grid, tell all the devices to cycle at that frequency.
8. If there is enough load handled by these devices, the system may oscillate so heavily that voltage is far outside of normal, causing overheating or fires (either too high voltage for resistive loads or too low voltage for inductive loads), excessive vibration, design parameter excursions, etc.
How about:
The relay or relay contacts on this gadget give out.
How about turning on the lights in the USPTO so they can see what they are doing.
I kind of fail to see how that would change anything.
How about turning on the lights in the USPTO so they can see what they are doing.
I kind of fail to see how that would change anything.
And maybe I should read the post properly before replying. True indeed.
I've been using home automation since the 80's (damn, that's a long time ago) in the dark ages of X10.
As with many systems, there are some important questions to keep in mind:
Does this system or particular controlled device have benign failure modes? The answer better be "Yes!"
How do I secure access to the system? (Hint: don't connect it directly to the Internet!)
Does this system have a master OFF switch and easily useable manual controls? (Think COLOSSUS Forbin Project - again, the answer better be "Yes!")
Is automating this going to piss off someone I don't want to piss off? (E.g. I like motion-controlled lighting in some rooms; my wife hates motion controlled lighting.)
How can this whole thing go sideways at 3AM and give me a cheap thrill?
There I was, deep in dreamland one night when, from my server room I heard a faint beeping noise at regular intervals... Groggy, I wake up, totter over to the 'server room' door (spare bedroom) and have a gander. In a groggy state it took me a moment in the dark to perceive what was going on, the APC UPS was power cycling the server and other ancillary items at a regular interval, turns out, when the battery goes south, the UPC just crowbars the AC and reboots (repeat...). Now, HD's were connected to the server and each one was cycling up for a few seconds, then spun down only momentarily etc. Terrible on spinning media. Luckily all was well in the end but its important to understand the failure modes on UPCs for your application esp if spinning media is connected.
H.
I'm assuming one room with at least 2 WeMos for simplicity's sake... As preparation, I'd have to place wireless cameras at the windows and make sure I can see every angle from my Base Of Evil Operations.
I'd let the lights behave normally for about the first 10 minutes they're turned on with somebody in the room, then make one "flicker" (like an electrical issue might cause) and shut off. Wait for the person to approach the light, turn that WeMo back on, wait for them to head back to wherever they were at, flicker off again when they pass a certain point.
After a couple of times doing that, I'd then start affecting that light plus a second one when they pass close enough to it, and so on with all of the lights in the room. When they get frustrated/upset, turn all the lights back on right after they leave the room, keep them on when they return and sit down... ...well, that is, keep them on just long enough for them to relax, then repeat with some variation, always making sure it always appears to happen in response to something they do or somewhere they go, so it doesn't look random enough to tip them off.
Another version of this for somebody that has a partner currently doing something in another room would be to either just flicker the lamp for short bursts (maybe "WeMo Rocks" in Morse code) *or* do the earlier lamp flicker-die/on/off trick. When the person leaves to tell their partner, wait for the two of them to come, then have it act completely normal, like the original victim was imagining things or something. Wait for the partner to leave, then perhaps make one light at a time flicker and die, or do it to all of them except one -- whatever gets the best reaction.
Damn, if I had enough free time I'd go look through the BOFH website for ideas...
Now mostly at Usenet:comp.misc & SoylentNews.org (it's made of people!)
Um, Peace Corps.
Why, without your clothes, you're naked, Miss Dudley!
Remotely turn off the fence so the raptors can get out.
Why, without your clothes, you're naked, Miss Dudley!
It also implies no one is usually there "a little after midnight", which doesn't match my university experience.
All wives are programmers.
Programmer?!
I hardly know her!
I was thinking of making a system that would allow an aged family member to call for help to the other family members by simply shouting, for example if he had a bad fall and couldn't get up. The system would also tell him the time also vocally, could initiate a skype call, etc.
I have actually seen a product by a European startup that is designed to do something similar (I believe you knock on a wall..)
Such home systems to care for the aged would be hosed.
a large inrush current (such as a motor)
LED Lighting and the divers that run them have a significantly larger inrush current than incandescent lighting ( http://ledsmagazine.com/features/9/3/7/EcosystemFig3 ). I'd be more concerned about that than a motor.
This "feature" of LED lighting was not something that was initially taken into account.
X10 is the most popular home automation technology on the market and its even less secure. If you use the wireless remote, anyone with another X10 remote can go through all the house and device codes until they find the ones that control the lights in your house. Even if you use the wired protocol only, a thief could easily plug in a controller to an exterior electrical outlet and control the devices through that.
Despite all this, I have had zero problems over the past 10 years with someone else controlling my devices.
Love that movie
The guy who said the election was rigged won the presidency with the second-most votes.
Wait until normal peak usage, turn everything off for a bit and keep it off, then turn everything on at the same time. Collapse the grid.
Ah, takes me back to High School.
I went to a special (no jokes, please!) city-wide high school (Cass Tech, in Detroit) in the 70's, way before the trend toward this sort of thing. (Cass Tech was actually established in the 1920's, in coopertion with the auto industry.) I had 8 sememters of Electronics in high school.
One of my classes was taught by Walter Downs, also known for some reason by his students as "Wally Gator". (A popular TV cartoon character at the time.) Wally ... er, Walter... was from Baltimore, and he had an odd accent that we would make fun of. He also had a laugh or grunt that we interpreted as "Woo hoo hoo!"
His class was conducted in an electronics lab. We didn't have desks, but sat at test benches, several stations to each long bench. There are sets of test equipment, and, of course, an electrical strip running down the middle of the bench.
The electrical strips were normally turned off at the circuit breaker. The instructor would go into a closet and turn on the circuit breaker at the start of a lab session, and then turn it off again at the end.
So, a common trick was to insert a wire into an electrical outlet, briding the AC line, while the circuit breaker was off. He would go to turn on the breaker, and, of course it would pop. If we were lucky there would be some mild pyrotechnics accompanying this. This is how we learned the relationship between wire size and current-carrying capacity.
We did this because it would always elicit exactly the same respnse:
"WOO HOO HOO! You fellas be stickin conductors in the outlets! WOO HOO HOO!"
(He seemed pretty good-natured about it. Much more so than when he said "WOO HOO HOO! You fellas be keepin' noise!"
So, today, you can do this with WiFi, huh?
There is precedent to the former http://youtu.be/o2HPq-WDnFQ Ghost in the Machine (1993)
Ah... using the flashing LEDs to give instructions to Asimo to execute.
Some just have more difficult systems to work with than others.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
I rest my case.
Defining Statistics and Social Research