The Register: Insecure firmware handling, poor communications practises and API vulnerabilities are among a range of vulnerabilities security company IOActive has identified in Belkin’s WeMo home automation systems.
In its advisory, here, IOActive says it’s discovered that the systems leak a hard-coded key and password that Belkin uses to sign firmware. This makes it a cinch for an attacker to create firmware that’s presented to the user as legitimate.