Smart homes are growing in popularity, but the convenience they provide doesn't come without added risk, and the incidence of hackers taking over smart devices is growing.
A recent example of this was demonstrated by London-based security researcher Ken Munro, who showed how easy it is to hack the iKettle, a kind of smart kettle that can be controlled via a smartphone application. Munro demonstrated how its possible to hack the iKettle to reveal a home network's password, which gives hackers the opportunity to install viruses or take control of numerous smart gadgets in the home.
Munro told The Register that it's possible to use social media and other tools to make the iKettle give up Wi-Fi passwords. "Attackers will need to set up a malicious network with the same SSID," or network name, "but with a stronger signal that the iKettle connects to," Munro said.
He explained how it's possible to sit outside of someone's home with a directional antenna pointed at their house, knock out their iKettle's access point so it connects to him. After that, he just sends two commands and the iKettle discloses the wireless key in plain text.
Munro further said it's possible to discover vulnerable Wi-Fi networks easily by using information from websites like WiGLE.net, a service that maps visible networks, and searching for people who tweet on Twitter about their smart appliances.
iKettle's that are linked to the Android app are more vulnerable than those linked to iOS apps, because the former doesn't alter the password from the original default. iOS devices offer more security though, but even their six-digit passwords can be cracked in just a few hours.