Slashdot Mirror


Turning the Belkin WeMo Into a Deathtrap

Okian Warrior writes "As a followup to yesterday's article detailing 50 Million Potentially Vulnerable To UPnP Flaws, this video shows getting root access on a Belkin WeMo remote controlled wifi outlet. As the discussion notes, remotely turning someone's lamp on or off is not a big deal, but controlling a [dry] coffeepot or space heater might be dangerous. The attached discussion also points out that rapidly cycling something with a large inrush current (such as a motor) could damage the unit and possibly cause a fire." In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?

24 of 146 comments

  1. If you're putting a space heater on a remote... by Anonymous Coward · · Score: 4, Insightful

    Please, please, learn some common sense.

    Never have a heater like that unattended, it's just not safe.

    1. Re:If you're putting a space heater on a remote... by pushing-robot · · Score: 4, Funny

      Agreed. Heaters should never be left unattended.

      Always put them on a timer, or better yet, a remote-controlled outlet you can monitor and control from anywhere.

      I have a Belkin unit that works great. Highly recommended!

      --
      How can I believe you when you tell me what I don't want to hear?
  2. Servers need power, too! by Anonymous Coward · · Score: 3, Interesting

    One of the worst tech support nightmares I experienced was remotely diagnosing why the Point of Sale servers kept shutting off at the same time every week. It turned out that the outlet the battery backup was plugged into was connected to a light switch that the weekly cleaning people turned off - weekly. When support came into the room, what was the first thing they did? Turn on the lights!

    Imagine power cycling all the outlets in a server room - over and over and over!

  3. Worst Case Scenario by Anonymous Coward · · Score: 5, Funny

    Forcing someone's DVR to record and play Jersey Shore.

  4. Swatting by PapayaSF · · Score: 2

    "Hello, 911? I am trapped in my house at 123 Main St. by a gang of armed robbers. I'll blink a lamp to let you know a good time to break down the front door. I'm hiding under a bed, so shoot anyone else."

    --
    Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
  5. Subtlety. by pla · · Score: 3, Funny

    In the style of Bruce Schneier's movie-plot threat scenarios, what's the most nefarious use you can anticipate such remote outlet control being used for?

    Turn off the fridge after the victim goes to work for the day, and turn it back on about an hour before they get home.

    Repeat until they die... of Botulism! <Cue evil laugh>

    1. Re:Subtlety. by Scarletdown · · Score: 2

      You laugh, but in Peace Corps I actually had a fridge whose thermostat controls were dead, so it operated at either full-blast (freezing everything) or unplugged. I abused an x10 plug and a timing script run off a computer to cycle it on and off over the course of the day to regulate it. Never died!

      I think the most nefarious thing would be to turn off automatic coffee-makers ~ 15 seconds after they'd started, so the grounds are soaked and warm (i.e. ruined*), and there's no coffee.

      That would be grounds for fully justified homicide. No jury in the 1st World would convict.

      --
      This space unintentionally left blank.
    2. Re:Subtlety. by cloudmaster · · Score: 2

      "Grounds"? So, after allowing the facts to percolate, there'd bean no chance of convection?

  6. space heater have temp and tip over switches by Joe_Dragon · · Score: 2

    Space heaters have temp and tip-over switches that can turn them off.

    1. Re:space heater have temp and tip over switches by X0563511 · · Score: 2

      Both (well, the tip switch anyways) are mechanical and can fail. They certainly help but should not be depended on.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:space heater have temp and tip over switches by Runaway1956 · · Score: 2

      Space heaters often have no thermostat on them. They are either off, or on, and they are either high or low setting. Thermostats are relatively expensive, especially a reliable thermostat. It's the first place cheap space heater manufacturers attempt to cut costs.

      Tip over switches can fail. I've seen them fail enough times that I'll never rely on one. A little dirt, some lint, a couple years of corrosion, and magically, the damned switch just doesn't work.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    3. Re:space heater have temp and tip over switches by big_e_1977 · · Score: 3, Informative

      Modern heaters can only draw 12 amps maximum. It's an electrical code/UL requirement that plug and cord connected appliances only be capable of drawing 80% continuous load of the ampere rating the plug is capable of handling. The standard American electrical outlet is only rated at 15 amps, even if it's on a 20 amp circuit. Although 20 amp electrical outlets do exist, I have never seen an appliance sold to ordinary consumers with a 120v 20 amp plug. If one were to exist, the maximum continuous amp draw would be limited to 16 amps.

  7. So the flaw in home automation products by TheSkepticalOptimist · · Score: 2

    ...is that homes often house stupid people.

    --
    I haven't thought of anything clever to put here, but then again most of you haven't either.
  8. Re:WeMo vs. high current devices? by Scarletdown · · Score: 5, Funny

    I just visited the WeMo web pages and couldn't find any technical information about what watt or amperage limits on it are.

    I have a hard time believing that it can handle a 1500 watt heater.

    1500... Would that be the definition of a WeMowatt? (Beware the sleeping lion tonight.)

    --
    This space unintentionally left blank.
  9. Re:WeMo vs. high current devices? by sconeu · · Score: 4, Funny

    Would that be the definition of a WeMowatt? (Beware the sleeping lion tonight.)

    Bravo, sir. You win the pun of the day award. I bow before your horrendous pun, and wish I had thought of it first.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  10. Older than dirt. by westlake · · Score: 2

    An early episode of "Perry Mason" (ca 1959) turned on the use of an R/C device to manipulate an antiquated gas space heater, establishing an alibi for the killing.

    When the inventor of the gadget became a plausible suspect, Mason had the gas line inspected for undocumented repairs. In the end, that made it obvious the real killer had to be the first one to discover the body --- giving himself enough time to remove the device and cover his tracks.

    1. Re:Older than dirt. by wonkey_monkey · · Score: 2

      Hey, spoiler alert, jeez.

      --
      systemd is Roko's Basilisk.
  11. Re:Creating Paranormal Activities! by plover · · Score: 5, Funny

    Yes, there's probably someone out there who won't realize their appliances are online, and then these devices start doing things on their own all of a sudden. It will be ghosts, goblins, shenanigans, and lulz for all.

    One day at noon a few months ago, my wife was in our kitchen watching a TV show about paranormal activity of some sort or other. At the same time, being unaware that she had gone home for lunch, I was demonstrating my home automation setup to a co-worker by flicking the kitchen lights on and off from my phone.

    She is so cool. She immediately assumed I was playing with the home automation. The thought of it being ghosts synchronized with the TV show simply amused her.

    I married well.

    --
    John
  12. Re:Late for work by Obfuscant · · Score: 2

    Turn off a co-worker's alarm before a big event. Nasty.

    If your co-worker has his alarm clock on a switched outlet of any kind, that says a lot about the level of intelligence your company requires for people doing your job.

  13. Home Automation, "Convenience"... by Sir_Eptishous · · Score: 2

    Home Automation apologists, flame away!

    I think things like this are the tip of an emerging iceberg relating to the ip-ification of everything:
    • You haven't upgraded the firmware in your garage door opener?
    • Did you properly set permissions on your gas furnace?
    • Which version of the HomeSafe *nix Kernel are you running in your UPnP'd entertainment system?

    etc; etc;

    To me, all Home Automation does is increase complexity and security risks for some specious conveniences.
    Maybe it's just me, but I would rather have to remember that I'm out of Mayo, than have an ip'd fridge send a message to my Android that I need to pick it up at the store.

    --
    We play the game with the bravery of being out of range
  14. Re:Creating Paranormal Activities! by Nefarious+Wheel · · Score: 2

    "She is so cool. She immediately assumed I was playing with the home automation. The thought of it being ghosts synchronized with the TV show simply amused her.
    I married well."

    Yeah, rub it in harder, will you?

    My wife's a programmer.

    --
    Do not mock my vision of impractical footwear
  15. Re:Creating Paranormal Activities! by adolf · · Score: 4, Funny

    My wife's a programmer.

    All wives are programmers.

  16. Worst thing: Synchronize them! by Avidiax · · Score: 3, Insightful

    1. Root these devices, and synchronize their clocks
    2. Turn them all off
    3. Monitor the power network for a temporary increase in voltage (since load was suddenly shed)
    4. Just as the voltage gets back to normal, turn all the devices on.
    5. Watch the power network for a temporary decrease in voltage (since load was suddenly added)
    6. Just as the voltage gets back to normal, turn all the devices off.
    7. Once you have found the resonant frequency of corrections to the electrical grid, tell all the devices to cycle at that frequency.
    8. If there is enough load handled by these devices, the system may oscillate so heavily that voltage is far outside of normal, causing overheating or fires (either too high voltage for resistive loads or too low voltage for inductive loads), excessive vibration, design parameter excursions, etc.

  17. Re:Creating Paranormal Activities! by naroom · · Score: 2

    All wives are programmers.

    Programmer?!

    I hardly know her!