Password leak in WeMo devices makes home appliances susceptible to hijacks (arstechnica.com)
62 points by stygiansonic on Feb 19, 2014 | 7 comments


I have a WeMo and it works. I don't understand this hijack. Do users need access to my WiFi (or breach perimeter) first and take control?

It is a classic security/ease-of-use trade-off. At the moment, anyone who has the app installed can take control of the device if they are on the same WiFi network. This control is retained if the user leaves the WiFi network. This is a helpful feature that can be a security risk.


And this is why closed source home automation is absurd. These are hardware devices - companies can make their profit selling hardware, but the protocols and endpoints need to be open.


They're more open than most electronics. They broadcast their capabilities and control URLs on the local network over UPnP. They don't have to be open to the internet to use them, just to get the firmware updates or use the mobile app from outside your LAN. You can talk to them directly from your code and people have written open source libraries encapsulating that.
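
Added example, not part of the comment above and not code from any WeMo library: a Python sketch an owner can use to inventory what devices on their own LAN announce over UPnP (SSDP), listing each device's description URL. The sample replies, addresses, UUIDs and server strings are constructed.

```python
import socket
from urllib.parse import urlsplit

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port
M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')

# Constructed sample replies: one device answering twice, plus a second device.
SAMPLE = [
    b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.1.23:8080/description.xml\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0\r\nST: upnp:rootdevice\r\n"
    b"USN: uuid:example-switch-0001::upnp:rootdevice\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.1.23:8080/description.xml\r\n"
    b"ST: urn:example:device:switch:1\r\n"
    b"USN: uuid:example-switch-0001::urn:example:device:switch:1\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLocation: http://192.168.1.40/desc.xml\r\n"
    b"ST: upnp:rootdevice\r\nUSN: uuid:example-tv-0002::upnp:rootdevice\r\n\r\n",
]

def parse_ssdp_response(datagram):
    """Return headers of one SSDP reply (keys lower-cased); {} if not a 200 reply."""
    lines = datagram.decode("utf-8", "replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def inventory(datagrams):
    """Deduplicate replies by device UUID; record where each device serves its description."""
    devices = {}
    for datagram in datagrams:
        h = parse_ssdp_response(datagram)
        if "location" not in h:
            continue
        uuid = h.get("usn", "").split("::")[0]
        url = urlsplit(h["location"])
        entry = devices.setdefault(uuid, {"host": url.hostname, "port": url.port,
                                          "location": h["location"], "types": []})
        entry["types"].append(h.get("st", ""))
    return devices

def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and return the raw replies."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_GROUP)
        replies = []
        try:
            while True:
                replies.append(sock.recvfrom(65507)[0])
        except socket.timeout:
            return replies
```

Calling `inventory(discover())` on your own network gives the live list; `inventory(SAMPLE)` runs offline.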


Belkin is stating they fixed the vulnerabilities BEFORE yesterday's disclosure... but they didn't do a great job telling anyone:

http://www.securityweek.com/belkin-security-fixes-were-alrea...


I had taken WeMo devices down yesterday for a different reason, but now I have reservations about putting them back up given Belkin's slow response to these issues. I had updated the firmware this past weekend, so hopefully they really fixed the problems like the other article posted below claims, but I will wait until the new firmware has been tested by outside sources before I think of plugging them back in.


The dubstep light hack was pretty crazy.


Not as crazy as lack of comments from Belkin, though. But it will be even crazier if Belkin tries to sue the hacker for some reason.



