Belkin Fixes WeMo Vulnerabilities With Firmware Update

Fear not, owners of Belkin WeMo devices: you no longer have to lose sleep over the possibility that your smart plug will be hacked. Belkin has rolled out an update that patches the five vulnerabilities listed by FEMA’s Computer Emergency Readiness Team. This security hole affects up to 500,000 WeMo devices, and as CERT states, the vulnerability could result in anything from a fire to the waste of electricity.

These holes were recently discovered and announced by IOActive, Inc. As the press release states, the security company made several attempts to contact Belkin about the issues, but Belkin was unresponsive. So IOActive turned to CERT, which also issued a statement. However, per a statement Belkin sent to TechCrunch (embedded below), Belkin was in fact in contact with the security research firm prior to their public statement.

Specifically, Mike Davis, IOActive’s principal research scientist, identified that through several different means, hackers could remotely access Internet-connected WeMo products, upload custom firmware, remotely monitor devices and access local networks.

The update Belkin recently issued patches these holes.

This speaks to a larger issue. As the Internet of things takes off, hackers and malicious coders have an increasing number of targets. It’s not inconceivable that in the near future, KitchenAid will have to issue a security patch for a toaster or blender.

Belkin’s Statement

Belkin has corrected the list of five potential vulnerabilities affecting the WeMo line of home automation solutions that was published in a CERT advisory on February 18. Belkin was in contact with the security researchers prior to the publication of the advisory, and, as of February 18, had already issued fixes for each of the noted potential vulnerabilities via in-app notifications and updates. Users with the most recent firmware release (version 3949) are not at risk for malicious firmware attacks or remote control or monitoring of WeMo devices from unauthorized devices. Belkin urges such users to download the latest app from the App Store (version 1.4.1) or Google Play Store (version 1.2.1) and then upgrade the firmware version through the app.

Specific fixes Belkin has issued include:

1) An update to the WeMo API server on November 5, 2013 that prevents an XML injection attack from gaining access to other WeMo devices.

2) An update to the WeMo firmware, published on January 24, 2014, that adds SSL encryption and validation to the WeMo firmware distribution feed, eliminates storage of the signing key on the device, and password protects the serial port interface to prevent a malicious firmware attack.

3) An update to the WeMo app for both iOS (published on January 24, 2014) and Android (published on February 10, 2014) that contains the most recent firmware update.

Cuff Blends Jewelry With A Wearable Alert System

For some fashionistas wearables can be clunky and don’t aesthetically combine well with the other jewelry that women and men may have on their wrists such as bracelets, or a watch. Cuff is hoping to change this with a new line of jewelry wearables that serves as an alert system for family and friends.

The Cuff collection consists of bracelets, necklaces, and key chains in a variety of finishes and textures. The line is meant to be unisex, and offers options for both men and women. Each piece is anchored by a small rectangular component called the “CuffLinc,” which acts as the alert system. CuffLincs can be removed and tucked into any of the pieces in the Cuff collection.

Using Bluetooth technology, the CuffLinc will connect to your phone via Cuff’s app. If a wearer squeezes the Cuff, an alert will go to the designated people in the wearer’s network. If anyone in the network is wearing a Cuff, their Cuff will vibrate. If they don’t have a Cuff, they will receive a push notification to their phone with the alert and the location of the sender. You can set up which of your contacts will get an alert via the startup’s app, which also holds personal and medical information like blood type, health issues and more. Users can also program their Cuffs with different alerts for people (e.g. three taps to alert my babysitter, one tap for my husband).

We’re told the CuffLinc doesn’t need to be charged and has to be replaced once a year. Cuff also plans to license CuffLinc to other fashion retailers and designers so they can potentially build around the technology.

Cuff is the brainchild of Deepa Sood, who was previously a VP of Product Development at luxury retailer Restoration Hardware. Sood has been making her own jewelry for a while, and realized that there was very little wearable technology on the market that actually looks like jewelry.

The startup, which has raised a round of seed funding from Tandem, is launching pre-orders today with a number of options, including leather bracelets, metal bracelets, pendants and chains. These range in price from $35 to $125. Pieces will be shipped as early as this fall.

The safety and security notification capability is just one of the first smart functions that will be delivered through CuffLinc, explains Sood. Eventually you’ll be able to record your voice.

Of course, at this stage the CuffLinc doesn’t yet have the fitness and sleep-tracking capabilities of most wearables on the market. But Cuff has tapped into the aesthetic part of wearable technology that some feel is missing from trackers. Another startup that is doing something similar to Cuff is Sense6. And wearable developers are catching on to aesthetics. Misfit Shine offers a number of different colors and leather bands. And Fitbit and Tory Burch have teamed up to create a new line of fashion-forward wearables.

Facebook Opens Up LGBTQ-Friendly Gender Identity And Pronoun Options


Facebook has just updated to let users choose the gender pronoun they associate with. Aside from the usual “male” and “female” options, users can choose up to 10 different gender definitions to describe themselves out of more than 50 options, including “cisgender,” “transgender” and “intersex.”

Not only will this show up on the user’s About page, but it will show up in all other pronouns on the site that refer to that user. This way, users will not only show up as he/him and she/her, but some may show up with the neutral they/their. So instead of getting a prompt that says “Write on Joey’s wall for HIS birthday,” the prompt will say “write on Joey’s wall for their birthday.”

You can change this by heading into the settings menu on your About page and clicking on the gender options. Alongside male and female, you’ll see an “Other” option. When “other” is selected, a list of 10 more nuanced options will appear.

Previously, Facebook’s gender selector looked like this:


But now it has the added LGBTQ options:



“While to many this change may not mean much, for those it affects it means a great deal,” said Facebook publicist Will Hodges in an email. “We see this as one more way we can make Facebook a place where people can express their authentic identity.”

According to the email, Facebook worked closely with LGBT activist groups to compile the new list of gender-identity options. Facebook also added a new privacy option that lets users select who sees their gender:

“We also have added the ability for people to control the audience with whom they want to share their custom gender. We recognize that some people face challenges sharing their true gender identity with others, and this setting gives people the ability to express themselves in an authentic way.”

This lets users block certain less tolerant people from seeing their gender identity.


The update comes three years after Facebook added LGBTQ-friendly relationship statuses, including “in a civil union” and “in a domestic partnership.”

Facebook has shown a consistently progressive attitude towards gender and sexual preference over the years. The company won a Gay and Lesbian Alliance Against Defamation Media Award for fair and accurate representation of the LGBTQ community and issues that impact it. To combat bigotry, it released stats noting that 70 percent of U.S. Facebook users have a friend who lists themselves as LGBTQ.

In 2013, over 700 employees and CEO Mark Zuckerberg marched in the San Francisco Pride parade. It’s even painted the Hack logo in its Menlo Park headquarters’ courtyard with rainbow colors.

Both through its service’s options and its company culture, Facebook is setting a positive example for how tech can promote tolerance. This could help it attract LGBTQ talent and users, and push other companies to build in compassion for all people.



Fin, The Bluetooth Ring That Turns Your Hand Into A Wireless Controller, Hits Its Funding Goal



The Bluetooth ring that went on to become one of our Hardware Battlefield finalists. Fin, which turns your hand into a wireless controller for smartphones, TVs, and other connected devices, just reached its $100,000 Indiegogo goal. Now Fin is aiming for its stretch goal of $150,000, which will make the ring available for a discounted price to visually impaired people.

Fin is worn on your thumb and has a tiny optical sensor that detects movements, allowing you to send commands to connected devices with a few swipes and taps of your fingers. As Greg Kumparak described when he wrote about the device’s prototype in January, you can turn down your phone’s volume by swiping your thumb down your index finger or skip the current track by swiping your thumb across the palm of your opposite hand. In the future, creator RHL Vision wants to use biometrics to assign a different behavior to each segment of your finger, basically turning them into buttons.


Candy Crush Maker King Files For U.S. IPO

The studio behind addictive matching puzzle game Candy Crush has begun the process of filing for its U.S. IPO with the Securities and Exchange Commission, Re/Code reports. The UK company will look to begin trading on the New York Stock Exchange under the ‘KING’ ticker symbol should everything go according to plan.

Last year, Candy Crush was the top earning title on any mobile platform according to mobile app analytics firm Distimo, since it occupied a top spot on both iOS and Android all year. Candy Crush was released halfway through 2012, but it has managed to retain much of its momentum since then, which is impressive in the fickle casual games market. As Re/Code points out, however, King’s revenue declined between the third and fourth quarters of 2013, so it may need its next hit to come along sooner rather than later.

Currently, however, King’s games bring in 1.2 billion daily plays from 128 million daily active users according to the most recent numbers from the company, of which 73 percent come from mobile devices. Candy Crush has definitely been a defining moment for the company, but it has been in the casual games business since 2003, and in its IPO King cites its massive built-in player network (which includes 324 million monthly active users in total) as a key competitive advantage.

Still, it’s hard to deny that Candy Crush has been the overwhelmingly dominant source of growth for King. In its IPO documents, the company reveals that it apparently grew from a profit loss of $1 million in the first quarter of 2012, to a profit gain of $269 million in the fourth quarter of 2013. The company is looking to raise $500 million with this IPO according to its filing.

King admits in its list of potential risk factors that “a small number of games currently generate a substantial majority of our revenue,” and that even developing new games could just recirculate its existing audience instead of growing a new one, but also says it plans to strengthen its new game and intellectual property development pipeline, and expand its existing titles to new platforms and geographies to retain its competitive edge.