Belkin considers how open its WeMo line of connected devices should be


Belkin is considering a change in how it handles open access to its WeMo line of connected devices in an attempt to make them more secure, according to the company and sources. Belkin’s WeMo products consist of two connected outlets, a baby monitor, a light switch and a motion sensor. The products let you control the various devices from an app and are also tied into several other connected home services such as SmartThings and Revolv.

The devices use Wi-Fi and can connect directly to the internet, and early this year hackers exploited that to take control of a WeMo outlet. While it’s hard to imagine exactly how much damage one can do with control of an outlet (if I used it to plug in my chainsaw or food processor, an unexpected switch could result in a lost finger, I suppose) as it expands its line of products Belkin appears to be thinking ahead.

A source told me that the company was thinking about locking down its ecosystem which might make it hard for companies to build support for WeMo into their platforms, but Belkin stressed that its partnerships are very important to it. From a statement sent via email by Leah Polk, a Belkin spokeswoman:

Long story short, we aren’t planning anything in the near term. We love that people and companies are building solutions that control WeMo, and have no definite plans to change that. However, because of WeMo’s success, we are looking at ways to expand the platform to make it more robust and secure, as well as providing support for our development partners. This may mean that we need to secure the open protocols that are currently being used, but if we do go that route we would offer an alternative and supported development kit that will enable the same functionality.

And that right there is the fine line that companies have to walk as they build out the internet of things. While it’s awesome that Belkin has let other parties build support for its products into their products without some formal partnership, that may end up being the security equivalent of leaving your front door not just unlocked, but swinging wide open.

While startups might support WeMo devices and find it easy to do so because of that open door, other companies that might want to offer service contracts or have an established brand behind them, could view that as a little too risky. So if Belkin can find a middle ground where it shuts the door and maybe even locks it, but still is willing to throw resources behind having someone open the door to legit partners, that could work.

What that actually looks like in practice, though is still unclear, as Belkin is still discussing this. On the opposite side of the spectrum is Nest, a company that started out locked down and is now pledging to open up its API in January. What’s increasingly clear, though is that while consumers might buy one connected device without a vision of connecting their entire home, once you have that connected object it’s hard not to look around and wonder what else you could connect it to.

So locking things down tightly probably isn’t going to be the right strategy going forward, which means that efforts like Belkin’s and Nest’s will be important to watch in the coming year.



For what it’s worth, I’m happy with the recent improvements to Belkin’s public SDK last week. Lightbow 1.3 now lets users control Belkin WeMo hardware right alongside their Philips lights. For a long time it didn’t look like they would update their SDK, but finally 3rd party apps can support not only the WeMo Switch (outlet), but the WeMo Insight and the WeMo Light Switch.

If they lock it down in the future, it would upset both me and my users. I would probably go so far as to say it would make their products useless next to the newer hardware coming out in 2014 that is open, more functional (dimmers instead of just on/off), and in some cases even cheaper. For the baby monitor? Sure, lock that stuff down. For the light switches, I hope they make minimal changes. Philips has an approach where you have to pair your iPhone to their bridge the first time. Seems like a good model to start with.


The API isn’t the problem. The real issue is that the WEMO has no concept of security or authentication beyond WIFI credentials. Currently, there’s no way to restrict who can control your WEMO – every person who has your WPA keys can control a WEMO whether you want them to or not. Don’t want your kids to access a WEMO on the home network you want them to use? Tough, you can’t control this w/o setting up a firewall, something most people will not be able to accomplish.

David Janes

Companies are emulating the path of Internet Video, rather the Internet itself. They’re using security as a covering argument for Siloization, which I’m sure all the MBA-types in Belkin think is the way to go.

Rick Bullotta

Locked down APIs are the defacto *WRONG* strategy for the IoT, and in particular, the smart home ecosystem. The problem is that opening up the APIs presents the challenge of the device manufacturers being pushed back into the hardware business, which is decidedly lower margin in some cases.

Just as important to the ecosystem is APIs that do not require an intermediate cloud to access the device. The devices should be accessible via local APIs (IP, ZWave, XBee, etc.) either directly or via a local bridge/router. Companies that are using an approach that requires sensors and actuators to communicate to each other via the cloud are implementing a flawed design. The cloud will play a key role for API access, data aggregation, and “applification”, but devices need to be able to communicate locally as well and edge intelligence will become more and more important as the sophistication of the applications and their functional demands become more complex and demanding.


I STRONGLY AGREE… Thanks for pointing this out:

“… Companies that are using an approach that requires sensors and actuators to communicate to each other via the cloud are implementing a flawed design. The cloud will play a key role for API access, data aggregation, and “applification”, but devices need to be able to communicate locally as well …”

As a SmartThings customer, I am very concerned with their hard-wired dependance on their proprietary SmartCloud.

Comments are closed.