Thursday, 23 February 2017

Don't want your Wemo online?

The IoT world is full of weird and wonderful security holes. I don't trust most of my IoT devices as far as I can throw them, and for the most part I don't want them talking to the internet and creating tunnels into my network. Wemo does allow you to disable remote access, but even then, if someone did manage to get into a device somehow, they could enable it, and I don't completely trust that Belkin's code won't try something sneaky in the middle of the night. So I decided to block its access to the internet at the router...

This simple action, which seems not to affect most other devices, had a major impact on the Wemo: every 30 seconds or so it would stop responding for 3 seconds, and it would constantly fall off the network with a flashing orange light. I noticed when I had enabled internet access for a firmware update that both of my devices never missed a ping while they were online, so I started running packet captures on them. It turns out the Wemo is pinging the gateway IP every 30 seconds or so, and when it doesn't get a response it will time out for a few seconds (not sure what it's actually doing when this happens).

I added a rule to allow ICMP responses from the gateway IP (the internal IP of the router) and blocked all other traffic with a reject rather than a drop, and now they are both staying online steadily without being able to talk to the internet. They also respond much faster in the app, and more reliably too.
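One way to express the rules described above, added here as an example and not taken from the post: it assumes a Linux-based router using iptables, a WAN interface named `eth0`, and constructed RFC 1918 addresses. The script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a Linux-based router.
# Assumptions, not from the post: iptables, the interface name, all addresses.
WAN_IF=eth0   # assumed name of the router's internet-facing interface

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# block_rules GATEWAY_IP DEVICE_IP...: emit the rules for each device.
block_rules() {
    gw=$1; shift
    is_ipv4 "$gw" || { echo "bad gateway address: $gw" >&2; return 1; }
    for dev in "$@"; do
        is_ipv4 "$dev" || { echo "bad device address: $dev" >&2; return 1; }
        # Let the router answer the device's periodic ping of its gateway.
        echo "iptables -A INPUT -s $dev -d $gw -p icmp --icmp-type echo-request -j ACCEPT"
        # REJECT returns an ICMP error at once; DROP would leave the
        # device waiting for a timeout on every outbound attempt.
        echo "iptables -A FORWARD -s $dev -o $WAN_IF -j REJECT"
    done
}

# Constructed sample addresses: one gateway, two devices.
block_rules 192.168.1.1 192.168.1.50 192.168.1.51
```

Traffic between the device and other hosts on the same LAN segment does not normally pass through the router's FORWARD chain, so local control from the app is unaffected by these rules.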
