The iKettle can be turned on using a smartphone app, so a thirsty person won’t have to get up and start the water boiling to get a nice cuppa. Ken Munro, a researcher with Pen Test Partners, said he’s been able to tap WiFi passwords “easily” from the kettle.
“If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle,” Munro told The Register. “Attackers will need to setup a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link.”
That means he can sit outside someone’s house with a directional antenna pointed at it, boot the kettle off its access point and connect it to him instead. Once that’s done, he can get it to cough up wireless passwords in plain text.
Some Android app users are more easily hacked since passwords remain on default unless they’re changed — which is a good reminder to always change your password whenever you buy a new smart appliance or other product that connects to the Internet.