Hacking for fun and profit: How one researcher is making IoT device makers take security seriously – Help Net Security
Generally attracted by research that “looks fun” and particularly interested in probing the security of technologies that have yet to be comprehensively investigated by security researchers, Munro has spent the past few years poking and probing consumer Internet of Things devices, doing things such as running denial-of-service attacks on Wi-Fi-enabled kettles, or showing that you can make a Bluetooth-enabled doll swear and listen in on users.
His “fun” research often leads to better security for all of us. For example, his probing of the Smarter iKettle and public revelation of its security issues have ultimately led to a secure product.
As he recently shared with the audience at the World Cybersecurity Congress in London, the security of the first iKettle iteration was simply abysmal: a plaintext connection, a guessable default password that could also be found in manuals available on the Internet, and the companion app’s use of ancient commands that could allow attackers to easily discover the encryption key of the user’s Wi-Fi network.
“I think we need to give the kettle manufacturer some credit, actually. I know those were some very serious flaws, but they’ve been very responsible since the first iteration, and have a really great, secure product now. So, if you want to boil your kettle remotely, look for that version,” Munro concluded.