A security firm has warned that some WiFi kettles could easily be hacked, handing over your WiFi password in the process.
Web security company Pen Test Partners has detailed in a blog post how it used social media to locate users who had WiFi kettles, then used a directional antenna and a brute force attack to guess the password and access their WiFi.
The device in question, the iKettle, is designed to save time and enable users to boil the kettle remotely using their smartphone thanks to a connection over WiFi.
But Pen Test Partners’ Ken Munro has explained how simple it could be to breach one of the kettles.
“If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle,” he said.
“Attackers will need to set up a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link.
“So I can sit outside of your place with a directional antenna, point it at your house, knock your kettle off your access point, it connects to me, I send two commands and it discloses your wireless key in plain text.”
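The sequence Munro describes, a device being dropped from its access point and then joining a same-named network on different hardware, is something a defender can look for in wireless logs. The following is an added example, not code from Pen Test Partners or the iKettle; the log format, the `HomeNet` SSID, the MAC addresses and the 30-second window are all constructed assumptions.

```python
from collections import namedtuple

# Constructed sample events, as a wireless IDS or AP controller might log them.
# Fields: seconds, event, client MAC, SSID, BSSID. All values are made up.
SAMPLE_LOG = """\
100 assoc    aa:bb:cc:00:00:01 HomeNet 02:00:00:00:00:10
460 disassoc aa:bb:cc:00:00:01 HomeNet 02:00:00:00:00:10
463 assoc    aa:bb:cc:00:00:01 HomeNet 02:00:00:00:00:99
500 disassoc aa:bb:cc:00:00:02 HomeNet 02:00:00:00:00:10
504 assoc    aa:bb:cc:00:00:02 HomeNet 02:00:00:00:00:10
"""

KNOWN_BSSIDS = {"HomeNet": {"02:00:00:00:00:10"}}  # assumed inventory of your own APs
WINDOW = 30  # assumed: seconds allowed between the drop and the re-association

Event = namedtuple("Event", "ts kind client ssid bssid")


def parse(log):
    """Turn log text into Event tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, kind, client, ssid, bssid = parts
        events.append(Event(int(ts), kind, client.lower(), ssid, bssid.lower()))
    return events


def find_evil_twin_roams(events, known=KNOWN_BSSIDS, window=WINDOW):
    """Flag clients that drop off, then rejoin the same SSID on an unknown BSSID."""
    last_drop = {}  # (client, ssid) -> time of the most recent disassociation
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.client, ev.ssid)
        if ev.kind == "disassoc":
            last_drop[key] = ev.ts
        elif ev.kind == "assoc":
            dropped = last_drop.pop(key, None)
            unknown_ap = ev.bssid not in known.get(ev.ssid, set())
            if unknown_ap and dropped is not None and ev.ts - dropped <= window:
                alerts.append((ev.client, ev.ssid, ev.bssid, ev.ts - dropped))
    return alerts


if __name__ == "__main__":
    for alert in find_evil_twin_roams(parse(SAMPLE_LOG)):
        print("possible rogue access point:", alert)
```

The second client in the sample also drops and reconnects, but to the known access point, so it is not flagged.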
In his blog post, Munro also details how he was able to find the location of users by monitoring the iKettle’s Twitter account for contact with users showing off their device or asking for technical support. This, combined with a search of directories such as 192.com, enabled him to pinpoint several users.
He said he has plotted vulnerable kettles on Google Maps but has chosen not to share it publicly as that would be “unfair”.
Munro added that because a lot of users did not bother to change the default PIN when setting up their kettle, this also made them more susceptible to attack.
His final piece of advice was to “keep an eye out for updated software, but in the meantime change your PIN.”