Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com)

Posted by timothy on from the hi-fi-jumprope dept.

New submitter campuscodi writes: Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city. The same researchers cracked a Samsung smart-fridge this summer to disclose Gmail passwords. If you have 6 minutes, there's a YouTube video you can watch.

5 of 162 comments (clear)

  1. Re: Ok first... by xaxa · · Score: 4, Informative

    Most British households have an electric kettle, a large jug with a 2-3kW heating element that heats the water to boiling point.

    It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled.

    Cup of tea, anyone?

  2. This case... by Anonymous Coward · · Score: 5, Funny

    This is a case of the pot calling the kettle hacked.

    [Puts on sunglasses] Yeah!

  3. Re: Ok first... by TechyImmigrant · · Score: 5, Insightful

    Oddly people in the US don't typically have an electric kettle. Yet once they've spent a week with one, they can't live without it. The bummer is the slow rate they boil relative to UK kettles. UK: 250V*13A = 3250W. US: 115V*15A = 1725W. So it takes roughly twice as long.

    The worst knock-on effect of this is that people seem happy to get tea from restaurants in the form of not-boiling water in a cup, with a tea-bag on a string for the customer to dunk. If you've never tasted tea infused at the proper temperature, you don't know what you're missing.

    I wish for the pre-storage kettle. Put a bunch of low ESR batteries in the base and charge them while not boiling. When someone boils water, combine energy from the mains and the batteries to deliver heat energy to the water.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  4. Re:Ok first... by vtcodger · · Score: 4, Insightful

    Let me suggest that within three or four years, the Internet Of Things will be redesignated as The Internet Of Horrors due to the lousy security and the lack of real need for remotely controlled toasters, hair driers, toothbrushes and pencil sharpeners. I'm sure that people putting in 80 hour weeks at SV startups with hopes of paying off their student loans and retiring at the age of 27 will be disappointed by that. But I think in the long run, we will all be better off.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  5. Re:Welcome to Io(insecure)T. by TechyImmigrant · · Score: 4, Interesting

    Security is only expensive relative to the prices for components that kettle manufacturers dream of.

    Relative to your wallet, the cost of the silicon area for some public key and symmetric crypto along with a good RNG is a fraction of a cent up front and a few cents at the end of the producer-consumer chain. This I know because it's my job to design this stuff.

    You'd probably be happy to pay a few cents extra per product for all devices to employ good crypto hardware, but somewhere along the chain is some idiot saying security is expensive.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.