Beware, connected iKettles can leak WiFi passwords

Beware, connected iKettles can leak WiFi passwordsSecurity Affairs: The Pen Test Partners researcher Ken Munro mapped and hacked connected iKettles across London demonstrating they leak WiFi passwords.
The Pen Test Partners researcher Ken Munro has conducted a very singular experiment, he mapped and hacked connected kettles across London, demonstrating they leak WiFi passwords.

Once again Internet of Things, this experiment demonstrates that poorly configured devices represent a serious threat for security. The device analyzed by the expert is the iKettle, a family of kettles that is possible to control remotely by using a specific smartphone app.

Ken Munro explained that armed with some social engineering data, a directional antenna, and some networking gear is possible to “easily” cause the iKettle to leak users’ WiFi passwords.

Munro demonstrated with its experiment the security and privacy issued related to the current state of internet of things.


Malware: More Hype Than Reality

Malware: More Hype Than Reality: Sure, malware exists, but is it really as bad as the news suggests?

In any given year, there are approximately 100 shark attacks worldwide. Of those 100, only 16 of these attacks end in a fatality. Funny then, that we humans have such irrational fears about being attacked by a shark while swimming in the ocean. Clearly, the odds of an attack are incredibly small. Our fears are simply fueled by movies and television shows that make the danger seem far more common.

The case against malware is very similar: Malware exists, but it consumes a lot of resources unnecessarily. And despite the danger, IT security professionals place far too much emphasis on data loss through malware than they should.First, let me say that malware can indeed be a huge problem and time must be spent on a defense-in-depth strategy that reduces a companys exposure significantly. But once thats done, its time to move on to the next security hole in your organization.  Unfortunately, were often so focused on malware that we end up with a security posture thats heavily protected against electronic attacks, but lacking in other areas — specifically social engineering.