Security Researcher Successfully Steals Home WiFi Passwords By Hacking Into Tea Kettles

While it might be super convenient to have everything in your home connected to the Internet, that interconnectivity can also give attackers a chance to sneak in through seemingly innocent devices. Take the humble tea kettle: a security researcher in England has been hacking into smart kettles across the country and gaining access to private WiFi networks.

The iKettle can be turned on using a smartphone app, so a thirsty person won’t have to get up and start the water boiling to get a nice cuppa. Ken Munro, a researcher with Pen Test Partners, said he’s been able to tap WiFi passwords “easily” from the kettle.

“If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle,” Munro told The Register. “Attackers will need to setup a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link.”

That means he can sit outside someone’s house with a directional antenna pointed at it, boot the kettle off its access point and connect it to him instead. Once that’s done, he can get it to cough up wireless passwords in plain text.

Some Android app users are more easily hacked since passwords remain on default unless they’re changed — which is a good reminder to always change your password whenever you buy a new smart appliance or other product that connects to the Internet.

Connected kettles boil over, spill Wi-Fi passwords over London [The Register]