Thursday, 23 February 2017
Don't want your Wemo online?
The IoT world is full of weird and wonderful security holes. I don't trust most of my IoT devices as far as I can throw them and for the most part I don't want them talking to the internet and creating tunnels into my network. Wemo does allow you to disable remote access but even then if someone did manage to get into a device somehow they could enable it and I don't completely trust Belkin's code won't try something sneaky in the middle of the night so I decided to block it's access to the internet at the router... This simple action that seems to not affect most other devices had a major impact on the Wemo, every 30 seconds or so it would stop responding for 3 seconds and would constantly fall off the network with a flashing orange light. I noticed when I had enabled internet access for a firmware update that both of my devices never missed a ping while they were online so I started running packet captures on them. It turns out the Wemo is pinging the gateway IP every 30 seconds or so and when it doesn't get a response it will time out for a few seconds (not sure what it's actually doing when this happens). I added a rule to allow ICMP responses from the gateway IP (the internal IP of the router) and blocked all other traffic with a reject rather than a drop and now they are both staying online steadily without being able to talk to the internet. They also respond much faster in the app and more reliably too.