Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com)
New submitter campuscodi writes: Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city. The same researchers cracked a Samsung smart-fridge this summer to disclose Gmail passwords. If you have 6 minutes, there's a YouTube video you can watch.
Ok first... (Score:3, Insightful)
Re: (Score:2)
Seriously, is this a need?
Do you need it that much faster than maybe throwing a cup of water in the microwave on high for a couple minutes, or heating stovetop?
Do you need to fire it up remotely? I just don't even see the need or market for such an item....and I love gadgets for the kitchen.
Re: Ok first... (Score:5, Informative)
Most British households have an electric kettle, a large jug with a 2-3kW heating element that heats the water to boiling point.
It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled.
Cup of tea, anyone?
Re: (Score:2)
Most British households have an electric kettle, a large jug with a 2-3kW heating element that heats the water to boiling point.
It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled.
Cup of tea, anyone?
As someone that drinks a lot of tea, why not just use a stove top kettle?
Re: Ok first... (Score:4, Informative)
Main reason: electric kettles turn off by themselves.
Re: (Score:3)
Because an electric kettle is much quicker and more convenient. Stove top kettles are only found in museums.
Re: Ok first... (Score:5, Insightful)
Oddly people in the US don't typically have an electric kettle. Yet once they've spent a week with one, they can't live without it. The bummer is the slow rate they boil relative to UK kettles. UK: 250V*13A = 3250W. US: 115V*15A = 1725W. So it takes roughly twice as long.
The worst knock-on effect of this is that people seem happy to get tea from restaurants in the form of not-boiling water in a cup, with a tea-bag on a string for the customer to dunk. If you've never tasted tea infused at the proper temperature, you don't know what you're missing.
I wish for the pre-storage kettle. Put a bunch of low ESR batteries in the base and charge them while not boiling. When someone boils water, combine energy from the mains and the batteries to deliver heat energy to the water.
Re: (Score:2)
I'd always heard you were NOT supposed to make your tea with boiling water...just under boiling was the correct way to do it...?
I mean, one of my favorite ways to have tea is Sun Tea where you put the bags in a glass jar/container and set out all morning in the hot summer sun and let it make that way.
Wonderful iced tea taste, doesn't get cloudy...and it was never boiled....
Re: (Score:3)
I have been told by someone who knows about tea that the best way to do it is have the teapot on the other side of the kitchen from the kettle. Once the water boils, in the time it takes to carry the kettle to the teapot, the temperature is just right.
The main thing is you don't want to boil the tea.
Re: (Score:2)
The temperature of the water depends on the type of tea. Black tea requires boiling water. White tea and green tea are different. I forget the numbers because I don't drink them. I only know this because I have a tea maker from Breville (and it's amazing) and it has settings for different types of teas. You put loose leaf tea in the basket and after the water is brought to the proper temperature the basket is lowered into the water for the right amount of time (which is adjustable). I used to drink a fa
Re: (Score:2)
News for Nerds, Stuff that Matters.
I wonder when Taco started this site if he ever envisioned discussing such seriously domestic endeavors as the instructions for proper tea production.
Re: (Score:2)
I have been told by someone who knows about tea that the best way to do it is have the teapot on the other side of the kitchen from the kettle. Once the water boils, in the time it takes to carry the kettle to the teapot, the temperature is just right.
The main thing is you don't want to boil the tea.
Yes. Exactly correct. With black tea you need to start with boiling water and then pour it over the tea bags, but take a few seconds between boiling and pouring so the temperature is just right.
Re: (Score:2)
I'm now attempting to resist the temptation to build one and retrofit it into my kettle.
3D printed base to store the batteries. A simple charger-switchover circuit, a second element, a temperature sensor and a little micro to tell it when to charge and when to heat.
Try to patent it and this slashdot post will be the prior art to destroy you in court...
Re: (Score:2)
What is this "prior art" concept you speak of? It sounds antiquated; I'll race you to the patent office.
The prior art is what I thought of this morning (a kettle with rechargeable batteries in the base that speed up the boiling when used by adding to the power from the mains). By posting the idea here in the open, no one else could patent such a thing.
Re: (Score:2)
I first noticed one when I was in Australia. I've owned one ever since. I used to use a coffee pot and just use it for water. I'd make instant coffee at times but I usually drank tea. I have an 'instant' hot water tap on my coffee maker in the kitchen but it's nice to not leave my upstairs office for a quick cuppa and whatnot.
Re: (Score:2)
Your answer is an interesting mix of mostly correct and subtly (but really) wrong.
In most modern US houses the kitchen has 20 amp circuits, but the standard US plug and outlet (with parallel blades) is only rated at 15 amps. Worse yet, UL and similar safety agencies will not pass (certify) an appliance that draws a continuous load of more than 85% of the plug's rating. So here in the US we are stuck with toasters, hairdryers, space heaters and electric kettles rated at 1500 watts at most (120 x 12.5).
As for th
Re: (Score:2)
Judging by his post, he probably wired (some) of it by himself and now has "faulty breakers." You know, someone else's fault.
that is incorrect (Score:2)
General-purpose cord-and-plug connected items are allowed to use the full 15A. (This is why power tools can be 15A.) 14AWG copper conductors are actually rated for 20A for static loads like electric heat, they just downrate them to 15A for general circuits because of the possibility of multiple devices being plugged in at once and to allow for motor loads.
As for why appliances don't use the full allowed amperage...most people don't care so the manufacturers don't either.
That said, it is possible to get 1
Re: (Score:3)
Why not just get a coffee maker......if you want coffee, include the grounds. If you want water, don't. Or you know......just nuke the cup of water in the microwave like everyone else.
Re: (Score:2)
A coffee maker doesn't heat the water to sufficient temperature to make tea.
Re: (Score:2)
Most drip coffee makers don't heat the water to a sufficient temperature to make coffee, either.
Bialetti or french press or GTFO.
Re: (Score:3)
You still get a carry-over of coffee taste. It's slight but it's detectable and it makes anything that isn't coffee taste dreadful.
Re: (Score:3)
I don't see why it benefits from being remote controlled
Because the future has turned into something out of a novel co-written by William Gibson and Douglas Adams.
Re: (Score:2)
As a fan of both authors, I find that to be one of the funniest and most insightful posts I have read on here in a long time.
I don't have mod points to give you, so you will have to settle for my kudos to you.
Re: (Score:2)
Re: (Score:2)
It might be an idea from around the 1970's with products like Teasmade https://en.wikipedia.org/wiki/... [wikipedia.org] "... generally include an analogue alarm clock and are designed to be used at the bedside, to ensure tea is ready first thing in the morning."
So the "remote controlled" or time aspect does have some historical product connections.
Adding a new computer network is just more fun
Re:Ok first... (Score:4, Interesting)
Seriously, is this a need?
Most products are about filling a desire rather than a need. My wife is a tea connoisseur, spending hundreds of $s on gourmet blends. I could see her buying a device like this, so she could precisely control the timing and temperature. She would certainly buy it if it came with a Python API so she could write her own tea brewing apps.
Re: (Score:2)
5 extra minutes in bed per day sounds good to me.
Re: (Score:2)
I used to have one of those. But me and my teasmade parted company when I moved to the USA.
Re: (Score:2)
You, sir, then need the Goblin Teasmaid.
That only works if you wake up at a fixed time each day. With an IoT teapot, you can link it to a motion detector, and have it turn on when it detects you getting out of bed.
Re: (Score:2)
Oh great. I get up in the middle of the night to pee and then the stupid thing wanders off and makes tea.
Meanwhile, six hours later.....
Re: (Score:2)
Oh great. I get up in the middle of the night to pee and then the stupid thing wanders off and makes tea.
That is why every teapot needs a programmable API.
if (motionDetected() && (timeDiff(now() - 0700) > 0) && teapot.waterInPot) {
    teapot.turnOnHeatingElement();
}
Re: (Score:2)
I have a Breville tea maker and absolutely love it. It allows you to control the temperature and steeping time. I don't use the feature but I think you can set the time that it will start. I've had it about two years and I use it every day. It's on the expensive side, but if you keep an eye on Amazon you can get it on sale. If mine broke I would replace it the next day.
Re: (Score:3)
Of course it is! This is the 21st century. We have "The Internet of Things" now.
Every device must have wifi, at the very least.
I mean, seriously - how did people ever get by in the 20th century with no Internet-ready cookware?
Talk about living in the stone age!
Re:Ok first... (Score:5, Insightful)
Let me suggest that within three or four years, the Internet Of Things will be redesignated as The Internet Of Horrors due to the lousy security and the lack of real need for remotely controlled toasters, hair driers, toothbrushes and pencil sharpeners. I'm sure that people putting in 80 hour weeks at SV startups with hopes of paying off their student loans and retiring at the age of 27 will be disappointed by that. But I think in the long run, we will all be better off.
Re: (Score:2)
Yes. We must INTERNET ALL THE THINGS! [element14.com]
Sigh. Once upon a time, a network-attached tea pot was an April Fool's joke. [ietf.org] Now it's a market category.
I blame AOL. And the September That Never Ended. Because all the luser mundanes didn't understand that IT'S SUPPOSED TO BE A JOKE. *facepalm*
Re: (Score:2)
Wait, you mean if I have this kettle in my house, I can use it to boil water at work? Sort of like Playstation Now™ except for boiling water?
Technology is moving so fast I can't keep up any more.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
In Europe, our 230V supply allows us to have 3kW kettles which boil water in just over a minute.
Re: (Score:2)
Exactly, so you Muricans should, instead of buying IoT kettles, choose a simpler solution of either moving overseas or re-doing the electricity infrastructure in the entire country.
Re: (Score:2)
No. You can get taps that deliver not-boiling water. It's hot and steamy, but certainly not boiling, resulting in substandard tea. You also need a sink. An electric kettle can go anywhere there's a plug.
Re: (Score:2)
I have one and used it a lot. The water is hot but not boiling (low 90s Celsius). The problem with them is that there is a small tank under the sink which keeps the water hot so you are paying electricity to keep the water hot even if you aren't using it (over the night) and if you want more than a couple of mugs the temperature starts to drop quickly as the hot water gets diluted with the cooler incoming water.
It has been about 10 years since I've looked into them so maybe they have changed since then.
Re: (Score:2)
Talk about solving First World problems - geesh.
Re: (Score:2)
It must be a very slow kettle if you can save 5 minutes by having it boil on schedule.
Re: (Score:2)
My coffee maker can be set to start at a given time and needs no internet or network connections; it simply has a built-in clock. Why complicate things further? As for reheats, the pot is vacuum insulated. It gives me a notification too: it beeps.
Re: (Score:2)
Your coffee maker doesn't produce boiling water. Tea requires boiling water. Coffee doesn't.
Re: (Score:2)
Tea requires boiling water.
Absolutely not. Boiling water releases all the dissolved gasses and makes the tea taste flat. You do not boil water for tea, you heat it to a point just below.
The tea leaves don't care if the water is boiling.
Re: (Score:2)
Tea requires boiling water.
Absolutely not. Boiling water releases all the dissolved gasses and makes the tea taste flat. You do not boil water for tea, you heat it to a point just below.
The tea leaves don't care if the water is boiling.
By the time you turn off the boiling kettle and move it to the tea kettle or mug, then pour it through the air, it is a point just below 100C. A little bit of practice helps you get the timing right.
Re: (Score:2)
By the time you turn off the boiling kettle and move it to the tea kettle or mug, then pour it through the air, it is a point just below 100C.
But the water has already boiled. The tea leaves don't care if the water is boiling, it's boiling the water that is the mistake. And no, making tea does NOT require boiling water.
In car terms, it doesn't matter if you step on the brake after you see the cop, he's already clocked you at 10 over the speed limit and he can write you a ticket.
Re: (Score:2)
Re: (Score:2)
Because of Daylight Savings Time. Twice a year you manually have to correct the clock.
Life is hard.
Re: (Score:2)
Re:Ok first... (Score:4, Interesting)
Talk about solving First World problems - geesh.
I live in the first world. I have first world problems. I have no shame in solving them.
Re: (Score:2)
It might be time to get some. Shame, I mean.
Re: (Score:2)
It might be time to get some. Shame, I mean.
Only if it's WiFi connected.
Re: (Score:2)
There's an app for that?!?
$ apt-cache search shame
'Snot in my repo and I'm too lazy to go find my phone.
Re: (Score:2)
Arrive home to the iKettle boiled and ready to pour
Having remote controlled heating elements in an unoccupied house or apartment is a recipe for disaster.
How about: walk in the door, flip the switch on the normal pot, kick off the shoes, hang up the coat, turn on the TV, pour a stiff drink, what was the boiling water for again?
Avoid that bitter taste and brew at the right temperature. Choose from 65, 80, 95 and 100°C
Using water that has sat in the pot all day, losing dissolved gasses and depositing lime for the next pot, getting the bitter taste right back again.
Talk about solving First World problems - geesh.
Especially since many European kitchens already have a hot water heater on-deman
Re: (Score:2)
Or.... you could click on the link to the article...
I know, I know, this is Slashdot...
Re: (Score:2)
Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?
Re: (Score:2)
Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?
Re: (Score:2)
Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?
Sous Vide means under pressure. Not that pretentious. Michelin makes tires. They also make maps and travel guides, presumably to make people drive more, hence needing tires more often. Providing ratings for restaurants goes along with this. Sous Vide is not about "boiling in a bag" most sous vide cooking is not done at boiling temperatures. Purpose built sous vide cookers are expensive because they are niche products. They also usually have some form of circulation and precise temperature control. C
Re: (Score:2)
No it doesn't.
I bet you don't even know what language it is, you fat cunt.
Re: (Score:2)
Sous Vide means under pressure.
No. Sous vide is French for "under vacuum" according to at least one source [wikipedia.org]. It is, indeed, a pretentious name, and apparently you need that 250 page book to explain it to you.
As for the rest, whoosh. It may not involve boiling in the bag, but it's still putting stuff in a bag and then into hot water to cook it. Just like all the "boil in bag" stuff that you don't actually have to boil, just bring up to temperature.
Re: (Score:2)
I don't see anything describing a low/no water safety shutoff. So hackers can turn it to 100C right when you leave the house in the morning and have your house burnt down by lunchtime?
Also, it seems that a wifi control app would be ideal for a sous vide cooker. That shouldn't be much more complicated than a crockpot, why are they so damn expensive?
It's a kettle. It has low/no water safety shutoff as a given.
That's like criticising a computer for not advertising that the CPU has a thermal protection system built into it.
so constant singleminded tea-oriented conversation (Score:2)
And all modern crackpots are wired to the internet these days.
Re: (Score:2)
Sounds like the iToilet.
Re: (Score:2)
Yep, simply log in from your iPhone to flush from anywhere in the world.
Just make sure to share the (strong, secure) password with family/friends/roomies or you'll be in for a load of shit when you get home.
Re: (Score:2)
I see what you did there.
You crazy Brits! (Score:3)
When will you learn a Wi-Fi enabled Tea Kettle is a horrible Idea.
Oh I just got a message from my Wi-Fi enabled coffee machine that my coffee is done.
Re: (Score:2)
When will you learn a Wi-Fi enabled Tea Kettle is a horrible Idea.
Oh I just got a message from my Wi-Fi enabled coffee machine that my coffee is done.
But an electric tea kettle is a great idea. Most of the USA hasn't caught on to the electric tea kettle yet. Something that astounds people from the rest of the world when visiting the US. If the iCandy is the gateway drug to get electric kettles into the USA, I'm all for it.
Re: (Score:2)
Well the 'nice' part is debatable. The rest you say is true.
This case... (Score:5, Funny)
This is a case of the pot calling the kettle hacked.
[Puts on sunglasses] Yeah!
WHAT!?! (Score:3)
Are you seriously telling me people would buy this and connect it to their wifi and then "manage" it via an app on their phone?
That has to be the epitome of laziness...
Here is the best part:
Invite friends with the new social features. Send messages and invites through the Smarter app via Twitter, Facebook and more. Get together with friends and family and have a tea together. Make drink requests or ask a friend how they would like their tea or coffee before you forget to add the sugar.
Re: (Score:2)
Re: (Score:2)
Great! Now I can be micromanaged at home over "your kettle says you steeped your tea for 1m30s at 173 degrees! Savage! This is an Oolong for god's sake!"
Isn't that illegal?
You'll have the tea inspectors round if you aren't careful.
Re: (Score:2)
I have heard that you can do that without a WiFi-enabled tea kettle.
Welcome to Io(insecure)T. (Score:2)
Re:Welcome to Io(insecure)T. (Score:5, Interesting)
Security is only expensive relative to the prices for components that kettle manufacturers dream of.
Relative to your wallet, the cost of the silicon area for some public key and symmetric crypto along with a good RNG is a fraction of a cent up front and a few cents at the end of the producer-consumer chain. This I know because it's my job to design this stuff.
You'd probably be happy to pay a few cents extra per product for all devices to employ good crypto hardware, but somewhere along the chain is some idiot saying security is expensive.
Re: (Score:2)
Yes, the supply of hardware engineers is ok. The supply of cryptographers is low and the supply of cryptographers who can also design production quality silicon designs is horribly low. So we're expensive. But those costs ameliorated over millions of chips aren't high. So for volume products it's ok and usually those chips are available in the market for use in low volume products as well.
Hardcoding keys into silicon without a huge amount of clever obfuscation hardware is indeed idiotic, when extracting one o
Researchers Use ONE WEIRD TRICK to Hack Your WiFi! (Score:2)
Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city.
How much more click baity can you get?
And how is this a surprise? EVERY device you allow to connect to your wifi network is allowed to do so. Did you know your phone has a file in it that STORES YOUR WIFI PASSWORDS?!
Re: (Score:2)
How much more click baity can you get?
Since you asked.
A group of strange men non-consensually force their way onto your WiFi. Are your teenage daughters in danger?
Re: (Score:2)
At the very least you will have to spoof the SSID and MAC and find a way to effectively jam the legitimate router while being further out. This is not a trivial step because the legitimate router will keep broadcasting and interfering with your imposer handshake.
virus hoax (Score:3)
WiFi water kettle? Really? Seriously? (Score:3)
Re:WiFi water kettle? Really? Seriously? (Score:4, Funny)
Re: (Score:3)
Well, that certainly improves the quality of facebook.
Re: WiFi water kettle? Really? Seriously? (Score:2)
I'd love a smart kettle. Currently I walk into the kitchen, turn it on, and wait 5mins for it to boil. If I could click a button without interrupting my work, it'd save me 5mins a time, 30mins a day, 3 hours a week. That's a lot!
WiFi WTF (Score:2)
Re: (Score:2)
Since boars are mammals, don't they actually have, you know, mammary glands? And feed their young?
Far be it from me to poke a hole in a good cliche though :)
Re: (Score:2)
Seriously (Score:2)
PSK (pre-shared key) needs to die (Score:3)
For home and corporate use, a public/private key system makes a lot more sense. There are only a few devices which you intend to give permanent wifi access to your home network (visitors can use your guest network which is protected by a simple password). Authenticate each of these devices with their own credentials using a key or certificate physically stored on the device and never transmitted over the network (the private key). If a device is ever compromised ("I lost my phone!"), you can simply revoke the credentials for that one device (delete the public key from the router) without having to make changes to every other device. This capability is already in most wifi routers - WPA2 Enterprise.
The downside is you need to be running some sort of server to handle these authentication requests. RADIUS seems to be the common one. Routers with a RADIUS server built in are rare, but since the software is free (FreeRADIUS) I expect it'll become more common, easier to use, and eventually replace WPA2 Personal (PSK) as the default security for home wifi routers.
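The per-device credential setup described in the comment above, as an added configuration sketch (not part of the original thread, and not any vendor's shipped config): hostapd on the access point and wpa_supplicant on one client, assuming EAP-TLS with a separate RADIUS server. The SSID, address, identity, file paths and secrets are constructed placeholders.

```conf
# ---- hostapd.conf on the access point --------------------------------
interface=wlan0
# Constructed SSID for this example.
ssid=home-lan

# Weak baseline, WPA2-Personal: one passphrase shared by every device.
# Any single device that stores or leaks it exposes the whole network,
# and rotating it means reconfiguring every other device.
#wpa=2
#wpa_key_mgmt=WPA-PSK
#wpa_passphrase=REPLACE_WITH_PASSPHRASE
#rsn_pairwise=CCMP

# WPA2-Enterprise: the access point holds no network-wide secret that
# clients share. It relays 802.1X/EAP to a RADIUS server, which checks
# each device's own credential.
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
# Placeholder RADIUS server (documentation address range) and secret.
# This secret protects the AP-to-RADIUS link only; clients never see it.
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_RADIUS_SECRET

# ---- wpa_supplicant.conf on one client (assumed EAP-TLS) -------------
# Each device gets its own certificate and private key. The private key
# stays on the device and is never sent over the air.
network={
    ssid="home-lan"
    key_mgmt=WPA-EAP
    eap=TLS
    # Hypothetical device name, used as the EAP identity.
    identity="kitchen-tablet"
    # CA certificate used to verify the RADIUS server, so the client
    # does not hand its authentication to an unknown server.
    ca_cert="/etc/wifi/ca.pem"
    client_cert="/etc/wifi/kitchen-tablet.pem"
    private_key="/etc/wifi/kitchen-tablet.key"
}

# Revoking this one certificate on the RADIUS side (for example through
# the CA's revocation list) locks out this device only; every other
# device keeps its own credential unchanged.
```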
Re: (Score:2)
Will the technique work with other devices (Score:2)
Not Google so it's okay? (Score:2)
They were so quick to go after Google for riding around mapping open wifi networks, while these guys are actually hacking router passwords! Yet all people talk about is the WTF factor of a network-enabled electric kettle.
Re: (Score:2)
Good one though.
Chalky stuff (Score:2)
It's not as hard as it was before it was boiled.
Re: (Score:2)
Walls and the short distances in city areas do not help
Re: (Score:2)
Hmm... Brother makes an inexpensive branded coffee pot and, I think, electric kettles. You might be on to something!