An anonymous reader shares a report: IoT security research firm Sternum has discovered (and disclosed) a buffer overflow vulnerability in the Wemo Mini Smart Plug V2. The firm’s blog post is full of interesting details about how this device works (and doesn’t), but a key takeaway is that you can predictably trigger a buffer overflow by passing the device a name longer than its 30-character limit — a limit enforced solely by Wemo’s own apps — with third-party tools. Inside that overflow you could inject operable code. If your Wemo is connected to the wider Internet, it could be compromised remotely.
The other key takeaway is that Wemo-maker Belkin told Sternum that it would not be patching this flaw because the Mini Smart Plug V2 is “at the end of its life and, as a result, the vulnerability will not be addressed.” We’ve reached out to Belkin to ask if it has comments or updates. Sternum states that it notified Belkin on January 9, received a response on February 22, and disclosed the vulnerability on March 14.
Source: Slashdot – Wemo Won’t Fix Smart Plug Vulnerability Allowing Remote Operation