Show simple item record

Files in this item


Item metadata

dc.contributor.authorLiu, Haoyu
dc.contributor.authorSpink, Tom
dc.contributor.authorPatras, Paul
dc.identifier.citationLiu , H , Spink , T & Patras , P 2019 , Uncovering security vulnerabilities in the Belkin WeMo home automation ecosystem . in 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops . , 8730685 , Institute of Electrical and Electronics Engineers (IEEE) , pp. 894-899 , SPT-IoT'19 - The Third Workshop on Security, Privacy and Trust in the Internet of Things , Kyoto , Japan , 11/03/19 .
dc.identifier.otherPURE: 276634349
dc.identifier.otherPURE UUID: 390b5daa-c03b-4872-bf33-2e225d51f23d
dc.identifier.otherRIS: urn:3B16210134F7F91BAEDC79414BC42973
dc.identifier.otherScopus: 85067944614
dc.identifier.otherORCID: /0000-0002-7662-3146/work/103138178
dc.description.abstractThe popularity of smart home devices is growing as consumers begin to recognize their potential to improve the quality of domestic life. At the same time, serious vulnerabilities have been revealed over recent years, which threaten user privacy and can cause financial losses. The lack of appropriate security protections in these devices is thus of increasing concern for the Internet of Things (IoT) industry, yet manufacturers’ ongoing efforts remain superficial. Hence, users continue to be exposed to serious weaknesses. In this paper, we demonstrate that this is also the case of home automation applications, as we uncover a set of previously undocumented security issues in the Belkin WeMo ecosystems. In particular, we first reverse engineer both the mobile app that enables users to control smart appliances and the communication logic implemented by WeMo devices. This enables us to compromise the passphrase guarding the communication over the local wireless network, opening the possibility of eavesdropping on user traffic. We further reveal how an attacker can present a fake device to a WeMo user, through which cross-site scripting can be exploited in order to mislead the user into disclosing private information. Lastly, we provide a set of security guidelines that can be followed to remedy the vulnerabilities identified.
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartof2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshopsen
dc.rightsCopyright © 2019 IEEE. This work has been made available online in accordance with publisher policies or with permission. Permission for further reuse of this content should be sought from the publisher or the rights holder. This is the author created accepted manuscript following peer review and may differ slightly from the final published version. The final published version of this work is available at
dc.subjectQA75 Electronic computers. Computer scienceen
dc.subjectQA76 Computer softwareen
dc.titleUncovering security vulnerabilities in the Belkin WeMo home automation ecosystemen
dc.typeConference itemen
dc.contributor.institutionUniversity of St Andrews.School of Computer Scienceen

This item appears in the following Collection(s)

Show simple item record