A new 'smart kettle' can be easily hacked to take over your wifi network, researchers claim
LatestSmarter responded for my request for comment, see below for their response.
Among all of the legions of “smart devices” being marketed these days, there is maybe no less necessary one than the iKettle, a device that saves you from the onerous job of having to stand up or walk in order to have to boil water.
This £99.99 gadget ($154.89 at current exchange rates), made by the UK company Smarter, estimates that it will save you “two days a year in wasted waiting time” by allowing you to control your kettle from your smartphone.
But there’s a pretty big catch. The UK-based security consulting group Pen Test Partners, who haven’t hesitated to criticize smart kettles, especially the iKettle, in the past, say security problems persist in a new version of the device, the iKettle 2.0, allowing the devices to be used as an entry point for hackers to take over your home wifi network.
Specifically, the “fundamental issue is that if you have this kettle it’s possible for someone to get your wireless network key,” which can in turn can give them unfettered access to your wifi network. The new version of the iKettle doesn’t fix that issue, since the apps used to control it haven’t been updated since before the security issue was discovered. I’ve contacted Smarter for comment, but they’ve yet to respond.
If someone were to grab your key through an iKettle, Pen Test says they’d “probably use it to access your home network, take control of your Wi-Fi router, then change your DNS settings so that all your internet traffic is relayed via them. Easy to steal your passwords!” However, if you absolutely cannot live without a kettle you can turn on from your bed, they also suggest a few ways to make your smart kettle more difficult to hack:
- Make sure you change your Wi-Fi router admin password. That’s good advice whether you have a Wi-Fi kettle or not!
- Make sure you’ve changed your Wi-Fi network key from the default too.
- Hopefully the manufacturer will update their application and implement some security. As soon as they do, update your app version.
- Don’t put pointless ‘Internet of Things’ devices on your home network, unless their security is proven.
- In the meantime, turn your iKettle on at the mains when you want to boil it, and off again after.
Or you could, you know, just use a regular kettle.
UPDATE: Smarter responded to my request for comment, saying the features mentioned by Pen Test will not affect the iKettle 2.0, and that their 1.0 app will be updated next month. Their complete comment is below.
Our new product and application have updated security features that are not relevant to the article that you have quoted. The new products have only just being released so have not been received or tested by anyone at that company.
We take security very seriously here at Smarter and have been working with our engineers to ensure that our new products don’t encounter security issues. We will be updating our 1.0 app in November to eradicate that issue from that product.
Ethan Chiel is a reporter for Fusion, writing mostly about the internet and technology. You can (and should) email him at [email protected]