Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security United Kingdom Wireless Networking

Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) 162

New submitter campuscodi writes: Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city. The same researchers cracked a Samsung smart-fridge this summer to disclose Gmail passwords. If you have 6 minutes, there's a YouTube video you can watch.
This discussion has been archived. No new comments can be posted.

Tattling Kettles Help Researchers Crack WiFi Networks In London

Comments Filter:
  • Ok first... (Score:3, Insightful)

    by cayenne8 ( 626475 ) on Tuesday October 20, 2015 @11:29AM (#50766147) Homepage Journal
    ...I gotta go google what the fuck an iKettle is? Is this like a crockpot wired to the internet for some reason?
    • Ok..after post found out is it something that boils water remotely.

      Seriously, is this a need?

      Do you need it that much faster than maybe throwing a cup of water in the microwave on high for a couple minutes, or heating stovetop?

      Do you need to fire it up remotely? I just don't even see the need or market for such an item....and I love gadgets for the kitchen.

      • Re: Ok first... (Score:5, Informative)

        by xaxa ( 988988 ) on Tuesday October 20, 2015 @11:35AM (#50766203)

        Most British households have an electric kettle, a large jug with a 2-3kW heating element that heats the water to boiling point.

        It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled.

        Cup of tea, anyone?

        • Most British households have an electric kettle, a large jug with a 2-3kW heating element that heats the water to boiling point.

          It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled.

          Cup of tea, anyone?

          As some one that drinks a lot of tea, why not just use a stove top kettle?

        • Re: Ok first... (Score:5, Insightful)

          by TechyImmigrant ( 175943 ) on Tuesday October 20, 2015 @12:12PM (#50766491) Homepage Journal

          Oddly people in the US don't typically have an electric kettle. Yet once they've spent a week with one, they can't live without it. The bummer is the slow rate they boil relative to UK kettles. UK: 250V*13A = 3250W. US: 115V*15A = 1725W. So it takes roughly twice as long.

          The worst knock-on effect of this is that people seem happy to get tea from restaurants in the form of not-boiling water in a cup, with a tea-bag on a string for the customer to dunk. If you've never tasted tea infused at the proper temperature, you don't know what you're missing.

          I wish for the pre-storage kettle. Put a bunch of low ESR batteries in the base and charge them while not boiling. When someone boils water, combine energy from the mains and the batteries to deliver heat energy to the water.

          • f you've never tasted tea infused at the proper temperature, you don't know what you're missing.

            I'd always heard you were NOT supposed to make your tea with boiling water...just under boiling was the correct way to do it...?

            I mean, one of my favorite ways to have tea is Sun Tea where you put the bags in a glass jar/container and set out all morning in the hot summer sun and let it make that way.

            Wonderful iced tea taste, doesn't get cloudy...and it was never boiled....

            • I'd always heard you were NOT supposed to make your tea with boiling water...just under boiling was the correct way to do it...?

              I have been told by someone who knows about tea that the best way to do it is have the teapot on the other side of the kitchen from the kettle. Once the water boils, in the time it takes to carry the kettle to the teapot, the temperature is just right.

              The main thing is you don't want to boil the tea.

              • The temperature of the water depends on the type of tea. Black tea requires boiling water. White tea and green tea are different. I forget the numbers because I don't drink them. I only know this because I have a tea maker from Breville (and it's amazing) and it has settings for different types of teas. You put loose leaf tea in the basket and after the water is brought to the proper temperature the basket is lowered into the water for the right amount of time (which is adjustable). I used to drink a fa

                • News for Nerds, Stuff that Matters.

                  I wonder when Taco started this site if he ever envisioned discussing such seriously domestic endeavors as the instructions for proper tea production.

              • I'd always heard you were NOT supposed to make your tea with boiling water...just under boiling was the correct way to do it...?

                I have been told by someone who knows about tea that the best way to do it is have the teapot on the other side of the kitchen from the kettle. Once the water boils, in the time it takes to carry the kettle to the teapot, the temperature is just right.

                The main thing is you don't want to boil the tea.

                Yes. Exactly correct. with black tea you need to start with boiling water and then pour it over the tea bags, but take a few seconds between boiling and pouring so the temperature is just right.

          • I'm now attempting to resist the temptation to build one and retrofit it into my kettle.

            3D printed base to store the batteries. A simple charger-switchover circuit, a second element, a temperature sensor and a little micro to tell it when to charge and when to heat.

            Try to patent it and this slashdot post will be the prior art to destroy you in court...

          • by KGIII ( 973947 )

            I first noticed one when I was in Australia. I've owned one ever since. I used to use a coffee pot and just use it for water. I'd make instant coffee at times but I usually drank tea. I have an 'instant' hot water tap on my coffee maker in the kitchen but it's nice to not leave my upstairs office for a quick cuppa and whatnot.

        • by SQLGuru ( 980662 )

          Why not just get a coffee maker......if you want coffee, include the grounds. If you want water, don't. Or you know......just nuke the cup of water in the microwave like everyone else.

          • by jo_ham ( 604554 )

            A coffee maker doesn't heat the water to sufficient temperature to make tea.

            • Most drip coffee makers don't hear the water to a sufficient temperature to make coffee, either.

              Bialetti or french press or GTFO.

          • You still get a carry-over of coffee taste. It's slight but it's detectable and it makes anything that isn't coffee taste dreadful.

        • I don't see why it benefits from being remote controlled

          Because the future has turned into something out of a novel co-written by William Gibson and Douglas Adams.

          • As a fan of both authors, I find that to be one of the funniest and most insightful posts I have read on here in a long time.
            I don't have mod points to give you, so you will have to settle for my kudos to you.

        • Comment removed based on user account deletion
        • by AHuxley ( 892839 )
          Re "It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled."
          It might be an idea from around the 1970's with product like Teasmade https://en.wikipedia.org/wiki/... [wikipedia.org] "... generally include an analogue alarm clock and are designed to be used at the bedside, to ensure tea is ready first thing in the morning."
          So the "remote controlled" or time aspect does has some historical product connections.
          Adding a new computer network is just more fun :)
      • Re:Ok first... (Score:4, Interesting)

        by ShanghaiBill ( 739463 ) on Tuesday October 20, 2015 @11:48AM (#50766301)

        Seriously, is this a need?

        Most products are about filling a desire rather than a need. My wife is a tea connoisseur, spending hundreds of $s on gourmet blends. I could see her buying a device like this, so she could precisely control the timing and temperature. She would certainly buy it if it came with a Python API so she could write her own tea brewing apps.

        • 5 extra minutes in bed per day sounds good to me.

        • I have a Breville tea maker and absolutely love it. It allows you to control the temperature and steeping time. I don't use the feature but I think you can set the time that it will start. I've had it about two years and I use it every day. It's on the expensive side but if you keep an eye on Amazon you can get it on sale but if mine broke I would replace the next day.

      • "Seriously, is this a need?"

        Of course it is! This is the 21st century. We have "The Internet of Things" now.

        Every device must have wifi, at the very least.

        I mean, seriously - how did people ever get by in the 20th century with no Internet-ready cookware?

        Talk about living in the stone age!
        • Re:Ok first... (Score:5, Insightful)

          by vtcodger ( 957785 ) on Tuesday October 20, 2015 @12:12PM (#50766493)

          Let me suggest that within three or four years, the Internet Of Things will be redesignated as The Internet Of Horrors due to the lousy security and the lack of real need for remotely controlled toasters, hair driers, toothbrushes and pencil sharpeners. I'm sure that people putting in 80 hour weeks at SV startups with hopes of paying off their student loans and retiring at the age of 27 will be disappointed by that. But I think in the long run, we will all be better off.

        • Yes. We must INTERNET ALL THE THINGS! [element14.com]

          Sigh. Once upon a time, a network-attached tea pot was an April Fool's joke. [ietf.org] Now it's a market category.

          I blame AOL. And the September That Never Ended. Because all the luser mundanes didn't understand that IT'S SUPPOSED TO BE A JOKE. *facepalm*

      • Ok..after post found out is it something that boils water remotely.

        Wait, you mean if I have this kettle in my house, I can use it to boil water at work? Sort of like Playstation NowTM except for boiling water?

        Technology is moving so fast I can't keep up any more.

      • I own a non-wi-fi electric kettle, which takes me a total of less than 10 seconds to walk to and flick the switch each morning to start the boil; 30 seconds if I must fill it from the tap. The internet-of-things seems to be a baseless bunch of nonsense for the purpose of proving something can be done, no matter if it should be done at all. Gosh, just think of those folks who have to literally go out to draw water from a well or river, while simultaneously scrounging wood sticks to build a fire to boil water
      • Aside from the Brits chiming in on this, I remember Alton Brown swearing by an electric kettle as a multitasker. Aside from water for tea, he recommended it for boiling eggs because of the auto-shutoff feature, which avoids overcooking resulting in a rubbery texture. It has other uses as well, even if it's just to free up a burner on your stove if you're prepping a large meal.
      • In Europe, our 230V supply allows us to have 3kW kettles which boil water in just over a minute.

        • Exactly, so you Muricans should, instead of buying IoT kettles, choose a simpler solution of either moving overseas or re-doing the electricity infrastructure in the entire country.

    • There's an Amazon link for the iKettle Wi-Fi Electric Kettle [amazon.co.uk] in TFS , Mr. "I can't read". And it says:

      • Save time and remote boil from anywhere in the house
      • Set wake up alarms and gain an extra 5 minutes in bed
      • Arrive home to the iKettle boiled and ready to pour
      • Boil ready notifications allow you to save energy by never having to re-heat
      • Avoid that bitter taste and brew at the right temperature. Choose from 65, 80, 95 and 100’c

      Talk about solving First World problems - geesh.

      • by ebcdic ( 39948 )

        It must be a very slow kettle if you can save 5 minutes by having it boil on schedule.

      • My coffee maker can be set to start at a given time and needs no internet or network connections it simply has a built in clock why complicate things farther? as for reheats the pot is vacuum insulated. It gives me a notification to it beeps.

        • Your coffee maker doesn't produce boiling water. Tea requires boiling water. Coffee doesn't.

          • Tea requires boiling water.

            Absolutely not. Boiling water releases all the dissolved gasses and makes the tea taste flat. You do not boil water for tea, you heat it to a point just below.

            The tea leaves don't care if the water is boiling.

            • Tea requires boiling water.

              Absolutely not. Boiling water releases all the dissolved gasses and makes the tea taste flat. You do not boil water for tea, you heat it to a point just below.

              The tea leaves don't care if the water is boiling.

              By the time you turn off the boiling kettle and move it to the tea kettle or mug, then pour it through the air, it is a point just below 100C. A little bit of practice helps you get the timing right.

              • By the time you turn off the boiling kettle and move it to the tea kettle or mug, then pour it through the air, it is a point just below 100C.

                But the water has already boiled. The tea leaves don't care if the water is boiling, it's boiling the water that is the mistake. And no, making tea does NOT require boiling water.

                In car terms, it doesn't matter if you step on the brake after you see the cop, he's already clocked you at 10 over the speed limit and he can write you a ticket.

          • I think the point wasn't that you could use their coffeemaker for making tea, but rather the technology to heat water at a predetermined time doesn't, and oughtn't, be more complicated than their coffeemaker.
        • Because of Daylight Savings Time. Twice a year you manually have to correct the clock.

          Life is hard.

      • Re:Ok first... (Score:4, Interesting)

        by TechyImmigrant ( 175943 ) on Tuesday October 20, 2015 @12:51PM (#50766875) Homepage Journal

        Talk about solving First World problems - geesh.

        I live in the first world. I have first world problems. I have no shame in solving them.

        • I live in the first world. I have first world problems. I have no shame in solving them.

          It might be time to get some. Shame, I mean.

          • I live in the first world. I have first world problems. I have no shame in solving them.

            It might be time to get some. Shame, I mean.

            Only if it's WiFi connected.

          • by KGIII ( 973947 )

            There's an app for that?!?

            $ apt-cache search shame

            'Snot in my repo and I'm too lazy to go find my phone.

      • Arrive home to the iKettle boiled and ready to pour

        Having remote controlled heating elements in an unoccupied house or apartment is a recipe for disaster.

        How about: walk in the door, flip the switch on the normal pot, kick off the shoes, hang up the coat, turn on the TV, pour a stiff drink, what was the boiling water for again?

        Avoid that bitter taste and brew at the right temperature. Choose from 65, 80, 95 and 100â(TM)c

        Using water that has sat in the pot all day, losing dissolved gasses and depositing lime for the next pot, getting the bitter taste right back again.

        Talk about solving First World problems - geesh.

        Especially since many European kitchens already have a hot water heater on-deman

    • Or.... you could click on the link to the article...

      I know, I know, this is Slashdot...

      • by Thud457 ( 234763 )
        I don't see anything describing a low/no water safety shutoff. So hackers can turn it to 100C right when you leave the house in the morning and have your house burnt down by lunchtime?

        Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?
        • Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?

          1. Because it has such a pretentious-sounding name.
          2. Because it has to come with a 250 page book describing what "sous vide" is.
          3. Because Gordon Ramsey doesn't do it, so nobody else wants to, except those who watch pretentious cooking shows with Michelin chefs. (Doesn't Michelin make tires?)
          4. Because rich people wouldn't pay for it if it was called "boil in bag".
          • by yzf750 ( 178710 )

            Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?

            1. Because it has such a pretentious-sounding name.
            2. Because it has to come with a 250 page book describing what "sous vide" is.
            3. Because Gordon Ramsey doesn't do it, so nobody else wants to, except those who watch pretentious cooking shows with Michelin chefs. (Doesn't Michelin make tires?)
            4. Because rich people wouldn't pay for it if it was called "boil in bag".

            Sous Vide means under pressure. Not that pretentious. Michelin makes tires. They also make maps and travel guides, presumably to make people drive more, hence needing tires more often. Providing ratings for restaurants goes along with this. Sous Vide is not about "boiling in a bag" most sous vide cooking is not done at boiling temperatures. Purpose built sous vide cookers are expensive because they are niche products. They also usually have some form of circulation and precise temperature control. C

            • Sous Vide means under pressure.

              No it doesn't.

              I bet you don't even know what language it is, you fat cunt.

            • Sous Vide means under pressure.

              No. Sous vide is french for "under vacuum" according to at least one source [wikipedia.org]. It is, indeed, a pretentious name, and apparently you need that 250 page book to explain it to you.

              As for the rest, whoosh. It may not involve boiling in the bag, but it's still putting stuff in a bag and then into hot water to cook it. Just like all the "boil in bag" stuff that you don't actually have to boil, just bring up to temperature.

        • by jo_ham ( 604554 )

          I don't see anything describing a low/no water safety shutoff. So hackers can turn it to 100C right when you leave the house in the morning and have your house burnt down by lunchtime?

          Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?

          It's a kettle. It has low/no water safety shutoff as a given.

          That's like criticising a computer for not advertising that the CPU has a thermal protection system built into it.

    • This is like Talkie the Toaster, but it's a tea kettle?
      And all modern crackpots are wired to the internet these days.
    • Sounds like the iToilet.

      • "Sounds like the iToilet."

        Yep, simply login from your Iphone to flush from anywhere in the world.

        Just make sure to share the (strong, secure) password with family/friends/roomies or you'll be in for a load of shit when you get home.
  • by jellomizer ( 103300 ) on Tuesday October 20, 2015 @11:36AM (#50766211)

    When will you learn a Wi-Fi enable Tea Kettle is a horrible Idea.
    Oh I just got a message from my Wi-Fi enabled coffee machine that my coffee is done.
     

    • When will you learn a Wi-Fi enable Tea Kettle is a horrible Idea.
      Oh I just got a message from my Wi-Fi enabled coffee machine that my coffee is done.

      But an electric tea kettle is a great idea. Most of the USA hasn't caught on to the electric tea kettle yet. Something that astounds people from the rest of the world when visiting the US. If the iCandy is the gateway drug to get electric kettles into the USA, I'm all for it.

  • by Anonymous Coward on Tuesday October 20, 2015 @11:39AM (#50766231)

    This is a case of the pot calling the kettle hacked.

    [Puts on sunglasses] Yeah!

  • by Sir_Eptishous ( 873977 ) on Tuesday October 20, 2015 @11:42AM (#50766267)
    An ip assigned kettle?!? WTF?!?!

    Are you seriously telling me people would buy this and connect it to their wifi and then "manage" it via an app on their phone.
    That has to be the epitome of laziness...

    Here is the best part:

    Invite friends with the new social features. Send messages and invites through the Smarter app via Twitter, Facebook and more. Get together with friends and family and have a tea together. Make drink requests or ask a friend how they would like their tea or coffee before you forget to add the sugar.

    • Great! Now I can be micromanaged at home over "your kettle says you steeped your tea for 1m30s at 173 degrees! Savage! This is an Oolong or gods sake!"
      • Great! Now I can be micromanaged at home over "your kettle says you steeped your tea for 1m30s at 173 degrees! Savage! This is an Oolong or gods sake!"

        Isn't that illegal?
        You'll have the tea inspectors round if you aren't careful.

    • Get together with friends and family and have a tea together.

      I have heard that you can do that without a WiFi-enabled tea kettle.

  • Security is a) expensive b) requires sustained effort to maintain. There is absolutely no way to make this work with a market of cheap disposable consumer electronics.
    • by TechyImmigrant ( 175943 ) on Tuesday October 20, 2015 @01:00PM (#50766959) Homepage Journal

      Security is only expensive relative to the prices for components that kettle manufacturers dream of.

      Relative to your wallet, the cost of the silicon area for some public key and symmetric crypto along with a good RNG is a fraction of a cent up front and a few cents at the end of the producer-consumer chain. This I know because it's my job to design this stuff.

      You'd probably be happy to pay a few cents extra per product for all devices to employ good crypto hardware, but somewhere along the chain is some idiot saying security is expensive.

  • Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city.

    How much more click baity can you get?
    And how is this a surprise? EVERY device you allow to connect to your wifi network is allowed to do so. Did you know your phone has a file in it that STORES YOUR WIFI PASSWORDS?!

    • by sinij ( 911942 )

      How much more click baity can you get?

      Since you asked.

      A group of strange men non-consensualy force their way onto your WiFi. Are your teenage daughters in danger?

  • by orgelspieler ( 865795 ) <w0lfieNO@SPAMmac.com> on Tuesday October 20, 2015 @11:58AM (#50766391) Journal
    Remember back in the 90's when those virus hoaxes would go around saying Bill Gates was going to reset the thermometer in your freezer and melt all your ice cream? I see a new rash of those emails going around, about how hackers can make your tea steep at 80C. Oh the horror!!
  • by kheldan ( 1460303 ) on Tuesday October 20, 2015 @12:21PM (#50766575) Journal
    Why the actual fuck does anyone need a gods-be-damned WiFi-enabled kettle in the first place? Too lazy to walk ten steps to the kitchen to turn the thing on? Really? Seriously, we've come to this?
  • I assume these WiFi-enabled kettles are from the Useless As Tits On A Boar range.
  • Seriously, no "418 I'm a teapot" error [ietf.org]?
  • by Solandri ( 704621 ) on Tuesday October 20, 2015 @12:50PM (#50766867)
    A simple pre-shared password makes sense if you intend the network to be publicly accessible. e.g. You run a cafe and want the guests to be able to use your wifi network for Internet access. You can tell each of them the password. Ease of use outweighs security in this use case.

    For home and corporate use, a public/private key system makes a lot more sense. There are only a few devices which you intend to give permanent wifi access to your home network (visitors can use your guest network which is protected by a simple password). Authenticate each of these devices with their own credentials using a key or certificate physically stored on the device and never transmitted over the network (the private key). If a device is ever compromised ("I lost my phone!"), you can simply revoke the credentials for that one device (delete the public key from the router) without having to make changes to every other device. This capability is already in most wifi routers - WPA2 Enterprise.

    The downside is you need to be running some sort of server to handle these authentication requests. RADIUS seems to be the common one. Routers with a RADIUS server built in are rare, but since the software is free (FreeRAIUS) I expect it'll become more common, easier to use, and eventually replace WPA2 Personal (PSK) as the default security for home wifi routers.
    • Most people don't even know about their Comcast-supplied routers costing them $8/mo and offering a publicly accessible access point to other Comcast subscribers, let alone know the difference between PSK and RADIUS, use WPS, or have the forethought to do proper backup. PSK is here to stay.
  • Basically the overwhelm the poor tea kettle with directional antenna and jam it to drop its wifi connection. Then when it tries to reestablish contact they spoof the wi-fi access point and grab the credentials. Why would this not work with other devices? How do the client devices authenticate the wi-fi access point before divulging the network password?
  • They were so quick to go after Google for riding around mapping open wifi networks, while these guys are actually hacking router passwords! Yet all people talk about is the WTF factor of a network-enabled electric kettle.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...