Other issues in this category (11)
Of kettles and men
Wednesday, October 16, 2019
"And the three educational games—Guess the Colour, Train Attention and Train Memory—will keep your children busy!" Try to guess what device we are talking about. The answer is a kettle or, to be more precise, a smart kettle. "Set how often the colour changes and play funky music (or a soft tune), and the kettle will create an atmosphere that matches the mood of your family members".
But why is the Anti-virus Times talking about a kettle? Well, the answer is simple: the device uses Bluetooth and Wi-Fi connectivity, and, therefore, it can become a target for hacker attacks. To seize control over the device, Intruders may take advantage of vulnerability exploits or simply crack the password. The latter is more likely since default passwords are absent altogether or printed in user guides. And, of course, that password needs to be changed as soon as possible. But who actually bothers to do that? Furthermore, how many ordinary users can upgrade a kettle’s firmware to patch vulnerabilities? We think you know the answer.
Hackers now use smart kettles to mine cryptocurrencies and mount DDoS attacks. More often than not, kettle owners neglect to set a password—the most critical vulnerability of all.
The publication also indicates that as many as 25% of gadget owners do not realise that devices featuring network connectivity require protection. We believe that this is a very conservative estimate.
"If you never change your kettle’s settings, hackers will have an easy time discovering the location of your household and gaining control over the device", Ken Munro says. "Attackers will need to set up a malicious network with the same SSID but a signal stronger than the one the iKettle usually connects to and then send the kettle a disassociation packet that will cause it to drop its wireless link".
. "Attackers will need to set up a malicious network with the same SSID but a signal stronger than the one the iKettle usually connects to and then send the kettle a disassociation packet that will cause it to drop its wireless link".
And don't assume that a hacker will just want to make some tea!
Then I just need to feed two commands to the kettle, and I will have your Wi-Fi access password in plain text.
And what if the same thing happens to a smart door lock rather than to an ikettle?
Research conducted by Hewlett-Packard shows that 70% of devices accessing the internet are easy to hack into. As many as 60% of them had unpatched vulnerabilities in their web interface.
The Anti-virus Times recommends
- Change the default password on every device you buy before you start using it—common passwords can easily be cracked.
- Make sure that your device uses a secure communication channel (HTTPS).
- Install updates.
- Once you have finished setting up your device, log off from the configuration interface. Don't just close the browser—sign out.