Invincea Labs researchers showed how they could hack into Android phones running an app that controls WeMo IoT devices, according to Network World. The researchers presented their findings during the Black Hat Europe conference this week in London.
Security holes in several types of Belkin WeMo devices — such as cameras, light bulbs and coffee makers — also allowed the researchers to hack into those devices. Belkin said it issued patches for the flaws.
"This is the first instance we’ve seen of IoT hacking something else," researcher Scott Tenaglia told Network World.
The researchers hacked into the phone, downloaded its picture, and then beaconed the phone’s location back to the researchers. Tenaglia said the hack could only affect the services that the WeMo application communicates with, which included the telephone, camera, storage and location.
IoT devices have recently been used to launch massive DDoS attacks, but hacking into phones is a new twist. With the coming election, cybersecurity concerns have been heightened, with extra attention given to how vulnerable IoT devices are. Some are calling for more built in security from the manufacturers to ensure that malicious actors cannot harness devices for botnets.