Easily Hacked Tea Kettle Latest To Highlight Pathetic Internet Of Things 'Security'
from the pwned-Earl-Grey dept
While these companies are desperately trying to highlight the wonderful future of Internet-connected devices, they've inadvertently been creating advertisements for why many devices should just remain stupid. Especially if you're going to cut corners in development so device security is an afterthought, or cut corners post-release when it comes to quickly identifying and patching exploits.
The latest case in point: the $150 iKettle by UK company Smarter promises to save its users "two days a year in wasted waiting time" over traditional tea kettles. How? Users can remotely turn the kettle on from anywhere via smartphone app, potentially letting users walk into the house just as the kettle comes to a boil. Avoiding the horrible task of having to walk a few feet and wait a few minutes is the pinnacle of modern engineering to be sure; the problem is that for the better part of this year researchers have been noting that the security on the kettle was virtually nonexistent:
"If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle," Munro says. "Attackers will need to set up a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link." "So I can sit outside of your place with a directional antenna, point it at your house, knock your kettle off your access point, it connects to me, I send two commands and it discloses your wireless key in plain text."
The researchers call the current state of IoT security "utterly bananas," and warn readers of their blog not to "put pointless ‘Internet of Things’ devices on your home network, unless their security is proven." For what it's worth, the company behind the not-so-smart kettle tells several other news outlets that it will be updating the kettle's companion app to eliminate the security vulnerability -- sometime next month.
So yeah, we've ingeniously "solved" the problem of having to walk a few feet to turn on the kettle, but created countless new problems while simultaneously advertising the benefits of competing dumb products.