Connected kettles boil over, spill Wi-Fi passwords over London
Pen-tester's killer cuppas made in cracked iKettle
A security man has mapped and hacked insecure connected kettles across London, proving they can leak WiFi passwords.
The iKettle is designed to save users precious seconds spent waiting for water to boil by allowing the kitchen staple to be turned on using a smartphone app.
Pen Test Partners bod Ken Munro says hackers can make more than a cuppa, however: armed with some social engineering data, a directional antenna, and some networking gear they can "easily" cause the iKettle to spew WiFi passwords.
"If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle," Munro says. "Attackers will need to setup a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link.
"So I can sit outside of your place with a directional antenna, point it at your house, knock your kettle of your access point, it connects to me, I send two commands and it discloses your wireless key in plain text."
Munro has plotted vulnerable iKettles in London on Google Maps but opted not to disclose it to prevent things boiling over.
Instead attackers will need to find their own victims using the WIGLE.net WiFi probing service, users chatting about their appliances over Twitter, and correlating that data with directories like 192.com.
Munro says the state of internet of things security is "utterly bananas" and akin to the quality of infosec in the year 2000.
Users who configure their iKettles using the Android app are easy to pop since passwords remain default.
The iOS app is slightly more secure but still sets six digit codes that are crackable within hours.
The hackers are now eagerly awaiting to test the security chops of the Smarter Coffee machine.®