(Ars Technica) Security researchers have taken the unusual step of recommending that people stop using Belkin’s WeMo home automation products after uncovering a variety of vulnerabilities that attackers can exploit to take control of home networks, thermostats, or other connected devices.

WeMo products allow people to use smartphones and computers to remotely control light switches, Web cams, motion sensors, and other home appliances. Now the items are exposing the password and cryptographic signing key used to ensure that firmware updates are valid, according to an advisory published Tuesday by researchers from security firm IOActive. Attackers can use the credentials to bypass WeMo security checks and sign malicious firmware that masquerades as an official release from Belkin.

Note: Read our discussion guidelines before commenting.