A digital security expert in London has been able to create a map of all the “insecure” iKettles across the city and hack them, just to prove that homeowners’ WiFi passwords can be easily leaked.
Using the iKettle, which uses a smartphone to start boiling water for tea, Ken Munro of Pen Test Partners was able to use “some social engineering data, a directional antenna, and some networking gear” to learn the WiFi passwords of a number of homes, according to The Register.
“If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle,” Munro told The Register. “Attackers will need to setup a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link. So I can sit outside of your place with a directional antenna, point it at your house, knock your kettle [off] your access point, it connects to me, I send two commands and it discloses your wireless key in plain text.”
Pen Test Partners was also behind the Gmail credential hack from earlier this year, which provided that it was possible to access an individual’s Gmail login information through one of Samsung’s smart refrigerators.