A smart tea kettle could show the boiling point of bad IoT security
It turns out having an insecure smart tea kettle can land you in some pretty hot water.
We decided to take a look at the iKettle from Smarter, an Internet of Things connected device where you can boil water from an app on your phone.
IoT devices have become increasingly notorious for how easy they are to hack, and we brought in Jason Hart from Gemalto Security to give us a demonstration.
It turns out there's a lot worse things that could happen than somebody boiling your water without your permission.
So what happens if a smart tea kettle gets hacked?
So there's actually two problems here.
The first one is actually the attacker taking control of your smart tea kettle.
The second is using the kettle itself to gain access to your home Wi-Fi, which you spent a lot of money and time and effort securing.
So no matter how secure you make your home Wi-Fi network, it doesn't matter if it's encrypted or if your password is sixteen characters long,
if this smart tea kettle or any insecure Internet of Things device is connected to it, it can be easily hacked, as Jason demonstrated.
But first some tea.
We're just sending remote commands to the tea kettle.
In this case the kettle has six or seven different commands, the temperature, on and off, that's it.
So what command did you just send to have it boil?
We just sent AT, which is the command to say
"I'm ready for this" in this particular coding language, plus "hello kettle equals 0, 1", and so switch the kettle on.
As you can see, Jason was able to send a command from his laptop to the smart kettle after busting through the stupid simple password, six zeros.
It's particularly bad considering that you can't change the password on this smart kettle.
But what's worse is that once a hacker like Jason is in your kettle, he's got the rest of your house too.
And someone can just come along remotely, extract that private Wi-Fi key and then use it against the network itself.
You know this is basic stuff.
Secondly, you know, the way that the communication is happening between the device, the kettle, and the app itself is clear text.
Once an attacker has your home Wi-Fi network, the hacker pretty much has access to everything.
Your home network is as strong as your weakest link, even if that low boiling point comes from a tea kettle.