How your home Wi-Fi security could end up in hot water

Say you had a connected tea kettle, and it had an unchangeable password of only six characters.

Smart devices are becoming an open invitation for hackers into homes.

Taken all together, they're known as the internet of things, and they're notoriously bad with security. These IoT objects, whether they're televisions, refrigerators or security cameras, often come with flaws related to their online connections and their simple functions. Hacks could allow an attacker to take over your home's Wi-Fi network or co-opt your gadgets for malicious activities.

That's because manufacturers don't always consider security when creating their connected devices. The problem has gotten so bad so quickly that four US senators last month introduced a bill requiring connected devices to reach a minimum standard of security.

Jason Hart, a researcher at Gemalto Security, demonstrated how vulnerable even the seemingly most innocent IoT device can be. He brought in a first-generation iKettle, a Wi-Fi-enabled gadget for your kitchen, which lets you boil water from an app on your phone. It also sends you a notification once the water is ready and keeps the water hot.

We should note that the device, which ended production more than a year ago, has been replaced by second- and third-generation models that have much stronger security. The vulnerability that Hart demonstrated was first discovered in 2015 by researchers from Pen Test Partners, an IoT security firm based in the UK. 

It no longer applies to any iKettles that London-based Smarter is producing or to its updated app, according to Michael Hutchison, a company spokesman. 

The outdated kettle had a hard-coded password of "000000," a security flaw common to many IoT devices, Hart noted.

Once the first-generation kettle was hijacked, Hart was able to control it without any other permissions. He started boiling the water without permission. But obviously worse things can happen.

"The attacker could use the kettle itself to gain access to your home Wi-Fi," Hart said. "Someone could come along and extract your home Wi-Fi remotely, and then use it against your network."

Smarter sells into 27 countries, but the iKettle has never been available in the US.

Correction, Sept. 11 at 9:48 a.m.: This story misstated the status of the vulnerability. It is now outdated.
