Network Penetration Testing

Yet another attack against the iKettle wireless kettle. Rumpy pumpy and fire alarms?

Yet another attack against the iKettle wireless kettle. Rumpy pumpy and fire alarms?: Whilst playing around with moosekettle.py, the python client from @iamamoose for driving ones kettle from a desktop, it struck me that there’s a related attack against unconfigured iKettles.

When turned on, before configuring with the mobile app, it runs in Access Point mode and presents the default SSID of ‘iKettle’. Perfect for easy identification when war driving!

Once configured, it flips to being a client on the network. One can tell simply by the SSID whether it’s been configured, or whether someone has plugged it in and not got round to hooking it up to the mobile app yet.