22 October 2015, updated 30 Jun 2021 8:10am

Kettles are leaking WiFi passwords (and other failures of the Internet of Things)

Whether we're willing to risk our data for the sake of a fancy kitchen utensil may well be a turning point in the story of internet privacy. 

By Barbara Speed

The rise of the “internet of things” (basically, objects connected to the internet) is quietly rubbing the rough edges off our everyday routines. The average smartphone can now be a light switch, control your electricity meter, and turn on your toaster. Soon, if so inclined, you’ll barely need to engage with anything outside an app. 

But what does connecting everything to everything else actually mean? Take the iKettle. It’s a kettle which lets you boil water by touching a button on an app, thereby saving yourself the precious seconds it takes to, er, walk over to it and press a different button. To do so, it connects to your WiFi network. And that’s where things get a little sticky. Because once things are connected, they can also be hacked. 

According to Ken Munro, who works at Pen Test Partners, which basically tests the hackability of different technologies, it’s pretty easy to hack into the iKettle. Over an incredibly comprehensive series of blogposts covering the various incarnations of the iKettle, the company has shown how to hack into the iKettle and turn it on from afar: “If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle”. Part of the problem is that if you set up the kettle with an Android phone, the authentication code is automatically set as the incredibly secure “000000”, unless you reset it yourself. 

This isn’t a new technological problem – journalists and private detectives were able to hack Milly Dowler’s voicemails because, like most voicemail mailboxes, hers was accessible by an automatically set and easy to guess passcode. Yet as Munro demonstrates in a later blogpost, this all gets more serious once your hackable kettle is connected to other things. As he told tech site The Register, the hack can be used to find out your WiFi password: “I can sit outside of your place with a directional antenna, point it at your house, knock your kettle off your access point, it connects to me, I send two commands and it discloses your wireless key in plain text.” 

Munro then plotted vulnerable iKettles on a map of London to show how easy it would be for hackers to share the data. The security on most Internet of Things products is, he says, “utterly bananas”. 

This is just the latest in a series of revelations about how these new connected products are actually relatively insecure: you can hack fridges, and thermostats, and probably toasters, too. Yet as Klint Finley points out at Wired, the real problem isn’t these objects themselves, but the huge amounts of data they send off to servers which may be equally vulnerable, and also far more attractive to hackers. He writes:

We’re putting ever greater amounts of data into the cloud. Nest knows which rooms in your house you spend the time in, and when. Smart appliances transmit our voice commands to their manufacturers. Car insurance companies deploy tracking devices to gauge driver safety. Fitness trackers know our heart rates and how many steps we take each day. The photos we upload to Instagram may include geographic coordinates. 

Alone, these data points may seem unimportant – who cares if a hacker knows where you’re standing in your living room? But together, they paint an entire portrait of a life – a life that’s now accessible to anyone with a tech background and an axe to grind. And that’s before you think about how governments could use these “smart” objects and the resultant data. As digital rights campaigner Cory Doctorow told my colleague Ian Steadman last year, it isn’t hard to imagine a dictatorship which turns off protesters’ heating via a smart thermostat during a bitterly cold winter. 

Whether we’re willing to risk our data for the sake of a WiFi kettle may well be a turning point in the story of internet privacy. Either we give up, and accept that our digital footprints will soon exactly mirror our real ones, or we demand more: better security from companies marketing these connected objects, and better education on how to keep your data secure. Meanwhile, it’s worth weighing up whether each new technology is worth the risks it poses to your privacy – a smart thermostat is helpful for your bills and the environment, but perhaps kettles were fine as they were. 
