Tuesday, 20 October 2015

Smart Kettle iKettle 2.0 Leaking WiFi Key

A smart kettle which it is possible to cook over the local Wi-Fi network water seems to leak the WiFi key. This has security researcher Ken Munro of the British Pen Test Partners discovered. The iKettle 2.0 is developed by Smarter kettle which is operated via the smartphone.

In the first version of the kettle was found that the device is vulnerable to an attack where the malicious attacker a Wi-Fi network setup. The kettle simply showed the SSID to use for authentication. Once the kettle with the malicious Wi-Fi network connection allows an attacker can retrieve via Telnet the WPA key of the original Wi-Fi network in plain text and connect with this.

Munro since the problems with the first iKettle in June demonstrated there is a new version appeared on the market, the iKettle 2.0. This version, despite the new version number with the same problems to worry, says Munro. Ascertaining the WiFi key would be especially easy when the Android app is used for operating the kettle, but the attack is also to perform in users of the iPhone app.

The researcher advises owners of smart kettle to turn it on only when water should be boiled and then off again.Furthermore, any update from the manufacturer must be installed directly. Also advised is not nonsensical 'Internet of Things' devices being connected to the home network, unless the security of the manufacturer has been tested and proven.

No comments:

Post a Comment