Eric Severance edited this page Feb 7, 2021 · 10 revisions

WeMo operates a cloud service that lets users control their devices remotely, when not connected to the local network. The WeMo apps on Android and iOS both use this cloud service. In May of 2020, Belkin began requiring users to create an account and log in to the app (Android app version 1.25). In addition to the account, most of the app functionality now requires a connection to the cloud (internet access), even for simple actions such as toggling a switch. All of the commands that go through the cloud are encrypted and cannot be easily inspected.

Cloud-related hosts

  • api.xbcs.net: This is the main cloud service for WeMo devices. Devices report their state and receive commands from this host.
  • fw.xbcs.net: Firmware updates are downloaded from this host.
  • heartbeat.xwemo.com: WeMo devices perform an ICMP connectivity check periodically to ensure they remain connected to the internet.
  • nat.wemo2.com: This is likely related to a Traversal Using Relays around NAT (TURN) service.

Disconnecting from the cloud

There is a concern that Belkin could, in the future, update the WeMo device firmware and disable or break the Local API. If this happens, pywemo may no longer function on that device. This section describes a few methods that may help avoid such a situation.

Disable automatic firmware updates

The local API on some devices contains a setAutoFWUpdate method. The automatic firmware update feature can be disabled by calling this method. See the Local Interface for how to determine if your device supports this method. The default value for the AutoFWUpdate feature is unknown.

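import pywemo

# Placeholder: replace with the IP address of your WeMo device.
WEMO_IP = '192.168.1.100'

# A port of 0 makes pywemo probe the device for its setup port.
device = pywemo.discovery.device_from_description(
    pywemo.discovery.setup_url_for_address(WEMO_IP, 0), None
)
# Only some devices expose setAutoFWUpdate on the basicevent service.
if hasattr(device.basicevent, 'setAutoFWUpdate'):
    device.basicevent.setAutoFWUpdate(enableAutoUpdate=0)
else:
    print('setAutoFWUpdate is not supported on this device')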

Firewall to block internet access

WeMo devices can be put on an isolated VLAN and/or blocked from accessing the cloud service with a firewall. However, because the devices perform periodic connectivity checks, completely blocking the internet will result in some devices periodically flashing a red LED. It is recommended to allow the devices ICMP access to both heartbeat.xwemo.com and 8.8.8.8. This should avoid the red flashing LED.

DHCP settings

The firewall changes above will block a WeMo from accessing the internet. The devices will still attempt to contact the cloud service, however. One way to stop the device from attempting to contact the cloud service is to not supply a DNS server to the WeMo using DHCP. If the WeMo device does not receive a DNS server, it does not attempt to contact the cloud service. It does, however, still send ICMP pings to 8.8.8.8 for the connectivity check. Allowing these requests avoids the periodic red flashing LED.
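
To check that the firewall and DHCP changes above had the intended effect, the local resolver's query log can be audited for lookups of the cloud hosts listed on this page. The following is an added example, not part of pywemo or the original page; it assumes a dnsmasq resolver with query logging enabled, and the IP addresses, log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Hosts listed under "Cloud-related hosts" on this page.
CLOUD_HOSTS = {"api.xbcs.net", "fw.xbcs.net", "heartbeat.xwemo.com", "nat.wemo2.com"}
HEARTBEAT = "heartbeat.xwemo.com"  # ICMP check target; lookups are expected

# dnsmasq query-log format: "query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def audit_dns_log(lines, wemo_ips):
    """Return {device_ip: {cloud_host: query_count}} for the given WeMo IPs."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["client"] not in wemo_ips:
            continue
        name = m["name"].rstrip(".").lower()  # normalise case and trailing dot
        if name in CLOUD_HOSTS:
            hits[m["client"]][name] += 1
    return {ip: dict(hosts) for ip, hosts in hits.items()}

def summarize(hits, wemo_ips):
    """Classify each device by the most significant lookup it made."""
    status = {}
    for ip in sorted(wemo_ips):
        hosts = set(hits.get(ip, {}))
        if "fw.xbcs.net" in hosts:
            status[ip] = "firmware-lookups"   # still looking for firmware updates
        elif hosts - {HEARTBEAT}:
            status[ip] = "cloud-lookups"      # still trying to reach the cloud
        elif hosts:
            status[ip] = "heartbeat-only"
        else:
            status[ip] = "quiet"              # e.g. no DNS server supplied via DHCP
        # Devices in the first two states still have a DNS server configured.
    return status

# Constructed sample log and device addresses (not captured from real devices).
SAMPLE_LOG = """\
Feb  7 10:00:01 dnsmasq[412]: query[A] api.xbcs.net from 192.168.20.11
Feb  7 10:00:02 dnsmasq[412]: query[A] API.XBCS.NET. from 192.168.20.11
Feb  7 10:00:05 dnsmasq[412]: query[A] fw.xbcs.net from 192.168.20.12
Feb  7 10:00:07 dnsmasq[412]: query[A] heartbeat.xwemo.com from 192.168.20.13
Feb  7 10:00:12 dnsmasq[412]: query[A] nat.wemo2.com from 192.168.1.5
Feb  7 10:00:15 dnsmasq[412]: reply api.xbcs.net is 203.0.113.10
""".splitlines()
WEMO_IPS = {"192.168.20.11", "192.168.20.12", "192.168.20.13", "192.168.20.14"}
if __name__ == "__main__":
    print(summarize(audit_dns_log(SAMPLE_LOG, WEMO_IPS), WEMO_IPS))
```

A device that reports "quiet" matches the DHCP approach described above, while "cloud-lookups" or "firmware-lookups" means the device still has a DNS server and is relying on the firewall alone.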