Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com)

Posted by timothy on from the hi-fi-jumprope dept.

New submitter campuscodi writes: Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city. The same researchers cracked a Samsung smart-fridge this summer to disclose Gmail passwords. If you have 6 minutes, there's a YouTube video you can watch.

26 of 162 comments (clear)

  1. Ok first... by cayenne8 · · Score: 2, Insightful

    ...I gotta go google what the fuck an iKettle is? Is this like a crockpot wired to the internet for some reason?

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re: Ok first... by xaxa · · Score: 4, Informative

      Most British households have an electric kettle, a large jug with a 2-3kW heating element that heats the water to boiling point.

      It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled.

      Cup of tea, anyone?

    2. Re:Ok first... by ShanghaiBill · · Score: 3, Interesting

      Seriously, is this a need?

      Most products are about filling a desire rather than a need. My wife is a tea connoisseur, spending hundreds of $s on gourmet blends. I could see her buying a device like this, so she could precisely control the timing and temperature. She would certainly buy it if it came with a Python API so she could write her own tea brewing apps.

    3. Re:Ok first... by MagickalMyst · · Score: 2

      "Seriously, is this a need?"

      Of course it is! This is the 21st century. We have "The Internet of Things" now.

      Every device must have wifi, at the very least.

      I mean, seriously - how did people ever get by in the 20th century with no Internet-ready cookware?

      Talk about living in the stone age!

      --
      Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
    4. Re: Ok first... by TechyImmigrant · · Score: 5, Insightful

      Oddly people in the US don't typically have an electric kettle. Yet once they've spent a week with one, they can't live without it. The bummer is the slow rate they boil relative to UK kettles. UK: 250V*13A = 3250W. US: 115V*15A = 1725W. So it takes roughly twice as long.

      The worst knock-on effect of this is that people seem happy to get tea from restaurants in the form of not-boiling water in a cup, with a tea-bag on a string for the customer to dunk. If you've never tasted tea infused at the proper temperature, you don't know what you're missing.

      I wish for the pre-storage kettle. Put a bunch of low ESR batteries in the base and charge them while not boiling. When someone boils water, combine energy from the mains and the batteries to deliver heat energy to the water.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    5. Re:Ok first... by vtcodger · · Score: 4, Insightful

      Let me suggest that within three or four years, the Internet Of Things will be redesignated as The Internet Of Horrors due to the lousy security and the lack of real need for remotely controlled toasters, hair driers, toothbrushes and pencil sharpeners. I'm sure that people putting in 80 hour weeks at SV startups with hopes of paying off their student loans and retiring at the age of 27 will be disappointed by that. But I think in the long run, we will all be better off.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    6. Re:Ok first... by TechyImmigrant · · Score: 3, Interesting

      Talk about solving First World problems - geesh.

      I live in the first world. I have first world problems. I have no shame in solving them.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re: Ok first... by SQLGuru · · Score: 2

      Why not just get a coffee maker......if you want coffee, include the grounds. If you want water, don't. Or you know......just nuke the cup of water in the microwave like everyone else.

    8. Re:Ok first... by CWCheese · · Score: 2

      I own a non-wi-fi electric kettle, which takes me a total of less than 10 seconds to walk to and flick the switch each morning to start the boil; 30 seconds if I must fill it from the tap. The internet-of-things seems to be a baseless bunch of nonsense for the purpose of proving something can be done, no matter if it should be done at all. Gosh, just think of those folks who have to literally go out to draw water from a well or river, while simultaneously scrounging wood sticks to build a fire to boil water.

      --
      Have a Day!
    9. Re: Ok first... by PopeRatzo · · Score: 2

      I'd always heard you were NOT supposed to make your tea with boiling water...just under boiling was the correct way to do it...?

      I have been told by someone who knows about tea that the best way to do it is have the teapot on the other side of the kitchen from the kettle. Once the water boils, in the time it takes to carry the kettle to the teapot, the temperature is just right.

      The main thing is you don't want to boil the tea.

      --
      You are welcome on my lawn.
    10. Re: Ok first... by ewibble · · Score: 3, Informative

      main reason, electric kettles turn off by themselves.

    11. Re: Ok first... by jonbryce · · Score: 2

      Because an electric kettle is much quicker and more convenient. Stove top kettles are only found in museums.

    12. Re: Ok first... by safetyinnumbers · · Score: 2

      I don't see why it benefits from being remote controlled

      Because the future has turned into something out of a novel co-written by William Gibson and Douglas Adams.

    13. Re: Ok first... by Hognoxious · · Score: 2

      You still get a carry-over of coffee taste. It's slight but it's detectable and it makes anything that isn't coffee taste dreadful.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    14. Re:Ok first... by someoneOtherThanMe · · Score: 2

      Exactly, so you Muricans should, instead of buying IoT kettles, choose a simpler solution of either moving overseas or re-doing the electricity infrastructure in the entire country.

  2. You crazy Brits! by jellomizer · · Score: 2

    When will you learn a Wi-Fi enable Tea Kettle is a horrible Idea.
    Oh I just got a message from my Wi-Fi enabled coffee machine that my coffee is done.
     

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  3. This case... by Anonymous Coward · · Score: 5, Funny

    This is a case of the pot calling the kettle hacked.

    [Puts on sunglasses] Yeah!

  4. WHAT!?! by Sir_Eptishous · · Score: 2
    An ip assigned kettle?!? WTF?!?!

    Are you seriously telling me people would buy this and connect it to their wifi and then "manage" it via an app on their phone.
    That has to be the epitome of laziness...

    Here is the best part:

    Invite friends with the new social features. Send messages and invites through the Smarter app via Twitter, Facebook and more. Get together with friends and family and have a tea together. Make drink requests or ask a friend how they would like their tea or coffee before you forget to add the sugar.

    --
    We play the game with the bravery of being out of range
  5. virus hoax by orgelspieler · · Score: 2

    Remember back in the 90's when those virus hoaxes would go around saying Bill Gates was going to reset the thermometer in your freezer and melt all your ice cream? I see a new rash of those emails going around, about how hackers can make your tea steep at 80C. Oh the horror!!

  6. WiFi water kettle? Really? Seriously? by kheldan · · Score: 2

    Why the actual fuck does anyone need a gods-be-damned WiFi-enabled kettle in the first place? Too lazy to walk ten steps to the kitchen to turn the thing on? Really? Seriously, we've come to this?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:WiFi water kettle? Really? Seriously? by sinij · · Score: 3, Funny

      Speak for yourself. I am anxiously waiting for a Facebook-integrated Twitter-enabled IoT flushing toilet.

    2. Re:WiFi water kettle? Really? Seriously? by Thud457 · · Score: 2
      ... yadda yadda toilet posting to facebook yadda

      Well, that certainly improve the quality of facebook.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  7. Seriously by WallyL · · Score: 2

    Seriously, no "418 I'm a teapot" error?

  8. PSK (pre-shared key) needs to die by Solandri · · Score: 2

    A simple pre-shared password makes sense if you intend the network to be publicly accessible. e.g. You run a cafe and want the guests to be able to use your wifi network for Internet access. You can tell each of them the password. Ease of use outweighs security in this use case.

    For home and corporate use, a public/private key system makes a lot more sense. There are only a few devices which you intend to give permanent wifi access to your home network (visitors can use your guest network which is protected by a simple password). Authenticate each of these devices with their own credentials using a key or certificate physically stored on the device and never transmitted over the network (the private key). If a device is ever compromised ("I lost my phone!"), you can simply revoke the credentials for that one device (delete the public key from the router) without having to make changes to every other device. This capability is already in most wifi routers - WPA2 Enterprise.

    The downside is you need to be running some sort of server to handle these authentication requests. RADIUS seems to be the common one. Routers with a RADIUS server built in are rare, but since the software is free (FreeRAIUS) I expect it'll become more common, easier to use, and eventually replace WPA2 Personal (PSK) as the default security for home wifi routers.

  9. Re:WiFi WTF by RPGonAS400 · · Score: 2

    But it is the sows that feed the young, not the boars!

  10. Re:Welcome to Io(insecure)T. by TechyImmigrant · · Score: 4, Interesting

    Security is only expensive relative to the prices for components that kettle manufacturers dream of.

    Relative to your wallet, the cost of the silicon area for some public key and symmetric crypto along with a good RNG is a fraction of a cent up front and a few cents at the end of the producer-consumer chain. This I know because it's my job to design this stuff.

    You'd probably be happy to pay a few cents extra per product for all devices to employ good crypto hardware, but somewhere along the chain is some idiot saying security is expensive.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.