A security man has mapped and hacked insecure connected kettles across London, proving they can leak WiFi passwords.
The iKettle is designed to save users precious seconds spent waiting for water to boil by allowing the kitchen staple to be turned on using a smartphone app.
Pen Test Partners bod Ken Munro says hackers can make more than a cuppa, however: armed with some social engineering data, a directional antenna, and some networking gear they can "easily" cause the iKettle to spew WiFi passwords.
"If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle," Munro says. "Attackers will need to setup a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link....
Via Jeff Domansky
Great story about the potential security issues with IoT products. it highlights how did simple it is to hack devices that are poorly or not configured or password-protected. Who'd a thought? Invasion of the connected kettles?