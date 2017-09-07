2:21 Close Drag Autoplay: ON Autoplay: OFF

A smart kettle that lets you boil water from an app seems cool -- until hackers decide to join your tea party.

Smart gadgets, also known as internet of things devices, are notoriously bad with security. These IoT objects, whether they're televisions, refrigerators or security cameras, come with flaws related to their online connections and simple functions. Hacks, which can allow an attacker to take over your home's Wi-Fi network, often happen because manufacturers don't consider security when creating their connected devices. The problem has gotten so bad, so quickly that four US senators last month introduced a bill requiring connected devices to reach a minimum standard of security.

CNET invited Jason Hart, a researcher at Gemalto Security, to show us how vulnerable even the seemingly least-harmless IoT device can be. He brought in Smarter's iKettle, a Wi-Fi-enabled gadget for your kitchen, which lets you boil water from an app on your phone. It also sends you a notification once the water is ready and keeps the water hot.

Its functions are simple and, unfortunately, so is its security. The password, which Hart broke in minutes, is "000000," and it cannot be changed. A hard-coded password is a security flaw in many IoT devices, Hart noted.

The iKettle maker did not respond to a request for comment.

Once the kettle is hijacked, a hacker can control it without any other permissions. A hacker can, for example, boil water without you knowing. But obviously worse things can happen.

"The attacker could use the kettle itself to gain access to your home Wi-Fi," Hart said. "Someone could come along and extract your home Wi-Fi remotely, and then use it against your network."

