Putting your kettle on the Internet of Things makes your wifi passwords an open secret


#1

[Read the post]


#2

Can they really just drive by, detect the kettle and take it without much more than a pause?

My wireless gets pretty weak at the street. I can only imagine the kettle isn’t all that robust a broadcast.

I would think neighbors and people in shady vans are the bigger threats.


#3

After generations have panicked every time they leave on a trip, wondering if they left the oven or iron or kettle on, now we’ve advanced to the point where we can choose to put them on while thousands of miles away.

In what scenario does it make sense to start a kettle boiling if you’re away from home? There has to be some very specific sweet spot when you’re exactly 2 minutes away so it will be just ready when you get home, and not cooling down already. Because waiting 2 minutes after getting home for the water to boil is so 20th century, I guess.


#4

It depends how quickly you want to become impatient.

A roast dinner used to take 3 1/2-4 hours and you could go crazy with impatience in that time while mother smiled.

Now we can get the same feeling in minutes.

Ah, progress!


#5

My god, woman, how do you not recognize a major advance in labor and time savings?


#6

It seems that there is some near hyperbole about the IoT - Illuminates of Thanateros - being a fundamentally insecure concept doomed to failure and/or dystopian dysfunction. But I think that like any networked equipment, it is only as secure as one makes it. I agree that manufacturers should be doing more to offer products without such glaring vulnerabilities. But much of the journalism I find seems to increasingly put all of the responsibility on them, as if assuming that the average person should not be expected to secure their house and network. It’s so one-sided! Not unlike reporting to people that crowbars are a danger to people’s homes, without teaching people that they could at least be locking their doors and windows, doing something proactive rather than resigning themselves to being reactionary consumers.

I think that the IoT is another area where open-source hardware and software will revolutionize how it is done, because it enable people to audit the security of devices before they choose them, and more easily update to avoid newly-discovered vulnerabilities.


#7

If you have a Wi-Fi kettle

This will never be a problem for me.


#8

[quote=“popobawa4u, post:6, topic:68030”]
as if assuming that the average person should not be expected to secure their house and network[/quote]

At what point does the time/energy/resources spent securing this network of appliances overtake the convenience it is supposed to offer?


#9

I’ve used American kettles before. Those things take forever to boil.


#10

This does look to be a product in search of a use. I bet most people use the Wifi thing a couple of times then go back to using it as an ordinary kettle. The Amazon reviews are poor too.
This is a ‘feature’ apparently:

“Invite friends with the new social features. Send messages and invites through the Smarter app via Twitter, Facebook and more. Get together with friends and family and have a tea together. Make drink requests or ask a friend how they would like their tea or coffee before you forget to add the sugar.”

At least I know my £10 Argos kettle isn’t having a better social life than I do.


#11

My god, man, why are you not using lasers???


#12

Siri, boil water!
Jeremy, the kettle reports that it is empty.
Siri, refill the kettle from the sink.
Sorry, Jeremy, I don’t know how to that.


#13

That’s up to the individual, of course. But with most household appliances and utilities, I think it fair to assume that most people exert some small effort to weigh their options before they buy into something. The Catch-22 here is that expecting that computer security has to be “idiotproof” is precisely what makes it so poor. The household user IS a “network administrator”, whether they like it or not. If they decide that they prefer to be “merely a consumer” and trust their security to some short-sighted corporation, then this kind of drek is what they need to expect. People are quick to say in political areas that those who trade freedom (in this case, convenience) for security have neither, but it is true in a way with computer networks as well. The democratization of computers is great, but them becoming ubiquitous and big bucks does not absolve people of the basic responsibility of needing to know a few things to make good use of them.

Most articles seem to likewise assume that naturally nobody does anything to secure their other computers either. “It’s too bad that we need to trust these companies to keep us safe, because they really don’t.” It’s a good wake-up call, but falls short of being pro-active.


#14

you sure? my kettle get’s really hot when the right buttons are pressed - maybe only the sex life, but I’m a little bit envious


#15

Seriously. Why the fuck would you need to start your kettle “from anywhere in the world”? It really does boggle my mind.


#16

You also have to make sure it’s full of water. Then (if you’re a tea drinker) there’s the brewing time. How do we deal with that?

If you buy this thing you deserve the consequences…


#17

From refrigerators that tell me when I’m out of milk, to home heating & cooling, lots of coffee makers, now a kettle, christ in a sidecar what use do these have but invented convenience by way of bother?

If I spent more than 2 minutes dealing with the connectivity of each of these devices all the benefit is gone. That’s putting aside that the features are ones that I already have built in… to me.

Imma develop a handheld scanner whose sole purpose is to jack any+all these gadgets up in amusing ways that won’t necessarily burn your house down.

That’s a money-maker right there folks, get on it, I forgot to mention I’m lazy.


#18

I wanted to like your comment but got sidetracked.


#19

Well, if you have your house network set up securely, you should already have a “default deny” policy for any incoming connections. At that point, you would need to actively enable access for any specific device/ip/port combination, and presumably you’d restrict the source to some well-secured bastion you then access remotely if/when you want to do something with the device. Or just get a non-IP enabled kettle for a fifth the cost, and have done with it.


#20

Yes. The kettle will almost certainly have a low gain antenna, but range at which you can get a good signal quality is a function of both antennas. This is exactly why the really very crappy antennas in most cellphones can communicate with a cell tower miles away. The tower has a very high gain antenna.

An attacker can use a high gain antenna designed to work for point to point WiFi and use that to sweep a neighborhood as they drive by. This might be illegal to use the necessity power, but that is IIRC just a civil fine. The actual taking of a password is potentially a felony.