WeMo Smart Homes Bashlite Malware

An improved version of Bashlite botnet malware was recently discovered by security researchers. This new and improved variant of Bashlite can hack smart homes using the Belkin WeMo automation switches and a whole lot more. It’s all part of the IoT (Internet of Things) that keeps technology humming in our world of inter-connected devices. As the IoT continues to grow with each added device, so grows the ability to hack the increase in systems we’ve grown to count on in our daily lives. The convenience our connected devices provide also presents a challenge keeping them safe from hackers, especially in our homes.

Bashlite was first discovered in 2014, making a name for itself with large scale DDoS (Distributed Denial of Service) attacks. Since then, Bashlite has been out of the news until just recently. Like many malware attacks we see today, Bashlite malware is back and better than ever. This latest version now includes attacks on devices in the IoT. WeMo’s home automation products like routers, motion sensors, surveillance cameras, light switches, and electrical plugs can now be hacked using Bashlite. WeMo uses a mobile app that relies on a Wi-Fi network to wirelessly control IoT devices in the home. The good news is that a security patch was released by Belkin in 2015 to address the flaws. The bad news is Belkin users who did not apply the patch at the time are currently at risk.

Although the IoT is far from perfect, the onus for keeping safe is on device creators and the software they use, as well as on the public who use them every day. Not applying security patches is an open door for any malware to enter your home, infiltrate devices and use IoT connections they have. Security patches exist for a reason, and that is to fix weaknesses allowing hackers to exploit their victims. Routers that control device interaction in a home are also at risk, so make sure they are properly configured and new, as in not previously used. Most certainly change any default passwords right off the bat. Then connect to the manufacturer’s website and download patches that may have been released while the product was sitting on the retailer’s shelf. It’s safe to assume that in the life cycle of an IoT product there may be many security patches over time. Users are directed to apply them as soon as they are released. Not doing so puts the responsibility for cybersafety squarely on the user and not a manufacturer like WeMo.

Keeping a smart home safe is one of many security concerns, so make sure patches for all IoT devices are updated. Remember, don’t give hackers the advantages they live to exploit.