A WiFi connected tea kettle, the iKettle, was recently tested by Pen Test Partners and found severely lacking, spewing forth WiFi access codes for encrypted networks to unencrypted clients with just a few tricks. As reported by geek.com:
Ken Munro, a researcher at Pen Test Partners, recently took to the stage in London to show off what he and his co-workers discovered. Their mark was the iKettle, which was proclaimed "the world's first WiFi kettle" by its creators on the crowd-funding site Firebox.
He was able to trick the kettle into connecting to an unencrypted WiFi network just by giving it the same name as the encrypted network it was originally connected to and using a directional antenna to make sure the signal was loud and clear. Once they'd hijacked the wireless connection, Munro and his partner were able to convince the iKettle to spill the key for the encrypted network.
All it took was two little commands sent via Telnet. And being the helpful little kettle that it is, it even handed Munro the key in plain text.
Original Story: http://www.geek.com/news/connected-kettles-found-brewing-up-security-problems-1637249/
(Score: 5, Funny) by kurenai.tsubasa on Wednesday October 21 2015, @01:17PM
Ah, I've found the problem! It's not RFC 2324 [ietf.org] compliant!
(Score: 4, Funny) by Zinho on Wednesday October 21 2015, @04:12PM
Ah, I've found the problem! It's not RFC 2324 compliant!
And if they haven't taken even that minimal step, there's no chance they'd have implemented the Team-Brewing extensions to Hyper Text Coffee Pot Control Protocol (HTCPCP ) outlined in RFC 7168, [ietf.org] The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA).
If the philistines can't even be bothered to look up the relevant standards, I have no sympathy for their security problems.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin