Smart Homes Security a Leaky Kettle
The Internet-connected home brings with it more conveniences than you can count. But the flip side might be the concern that any device in the home can be the one that lets hackers take over.
One case in point: The iKettle, a popular device to heat water for coffee or tea controlled by a smartphone app, can quickly be hacked to reveal a home network’s password, at which a hacker can download almost anything, perhaps install viruses, or even take over the devices on that home’s network.
London-based security researcher Ken Munro can use social media and other readily available tools to make the iKettle “spew Wi-Fi passwords,” says tech news site The Register. “Attackers will need to set up a malicious network with the same SSID,” or network name, “but with a stronger signal that the iKettle connects to,” Munro told The Register.
“So I can sit outside of your place with a directional antenna, point it at your house, knock your kettle off your access point, it connects to me, I send two commands, and it discloses your wireless key in plain text,” he explains.
Hackers can combine information from sites like WIGLE.net, which maps all visible networks, with Twitter searches for users who tweet about their smart appliances, to quickly discover vulnerable Wi-Fi networks.
Munro says that iKettles configured using the Android app are more vulnerable because that app doesn’t change passwords from the default. iOS users are only slightly more secure, though, because that app uses six-digit codes that can be cracked within hours.
Source: “Connected kettles boil over, spill Wi-Fi passwords over London,” The Register (Oct. 19, 2015)