SQLi, XSS zero-days expose Belkin IoT devices, Android smartphones

LONDON, UK – Research director Scott Tenaglia and lead research engineer Joe Tanen detailed the vulnerabilities during their ‘Breaking BHAD: Abusing Belkin Home Automation devices’ talk at the Black Hat Europe conference in London last Friday.
The zero-day flaws specifically relate to Belkin’s smart home products and accompanying Android mobile application, which is used to wirelessly control the home automation devices.
The first flaw, a SQL injection vulnerability, ena