Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday October 21 2015, @09:47AM   Printer-friendly
from the consumers-are-steaming-mad dept.

A WiFi connected tea kettle, the iKettle, was recently tested by Pen Test Partners and found severely lacking, spewing forth WiFi access codes for encrypted networks to unencrypted clients with just a few tricks. As reported by geek.com:

Ken Munro, a researcher at Pen Test Partners, recently took to the stage in London to show off what he and his co-workers discovered. Their mark was the iKettle, which was proclaimed "the world's first WiFi kettle" by its creators on the crowd-funding site Firebox.

He was able to trick the kettle into connecting to an unencrypted WiFi network just by giving it the same name as the encrypted network it was originally connected to and using a directional antenna to make sure the signal was loud and clear. Once they'd hijacked the wireless connection, Munro and his partner were able to convince the iKettle to spill the key for the encrypted network.

All it took was two little commands sent via Telnet. And being the helpful little kettle that it is, it even handed Munro the key in plain text.

Original Story: http://www.geek.com/news/connected-kettles-found-brewing-up-security-problems-1637249/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Funny) by kurenai.tsubasa on Wednesday October 21 2015, @01:17PM

    by kurenai.tsubasa (5227) on Wednesday October 21 2015, @01:17PM (#252712) Journal

    Ah, I've found the problem! It's not RFC 2324 [ietf.org] compliant!

    Starting Score:    1  point
    Moderation   +3  
       Funny=3, Total=3
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 4, Funny) by Zinho on Wednesday October 21 2015, @04:12PM

    by Zinho (759) on Wednesday October 21 2015, @04:12PM (#252816)

    Ah, I've found the problem! It's not RFC 2324 compliant!

    And if they haven't taken even that minimal step, there's no chance they'd have implemented the Team-Brewing extensions to Hyper Text Coffee Pot Control Protocol (HTCPCP ) outlined in RFC 7168, [ietf.org] The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA).

    If the philistines can't even be bothered to look up the relevant standards, I have no sympathy for their security problems.

    --
    "Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin