Do you own one of those swanky, if not entirely necessary, kettles with built-in WiFi (e.g. iKettle)? The chances are that you don’t, but if you did then you’d need to be careful, because ethical hackers in London are showing just how easy it is to steal your home network key (PSK).
The idea of such kettles is that they can be controlled from an iOS or Android based smartphone or tablet, which means you can boil one before you get home or from another room, which doesn’t sound especially wise. In our opinion such things should always be supervised, and in any case you still have to put water into the thing.
However, the security, or lack thereof, involved with such devices is not a new concern and in fact Pen Test Partners has already revealed the problem in some detail (here and here). Such kettles can be particularly easy to hack because they don’t verify the WiFi access point by anything other than its SSID.
On top of that, if you have an unconfigured iKettle then you’ve probably also still got the default device PIN code of “000000” assigned, which means that a hacker can use this knowledge to brute force the device into essentially leaking out the key code for your home WiFi network.
A new map of vulnerable devices in London has been published that appears to show just how common this problem could be, and that wasn’t even an extensive study. Once inside your network the hackers would no doubt attempt to gain admin access to your router as well, but that’s another challenge. They could also ruin the kettle by keeping it hot or re-boiling it, which increases the risk of fire or personal harm.
In the meantime, the best solution, until an update is released, is probably to switch the kettle on and off at the mains when you want to boil it... you know, kind of like how a normal kettle works. Actually, you could just buy a normal kettle.