Smart devices + smart homes = smart users?
By Laura Haight
A world of smart devices, all interconnected, saving us time and money; adaptive intelligence adjusting to the human proclivity to defy pigeon-holing patterns. This is the technology promise of the Internet of Things.
Then there are these things: Wi-fi connected toilets that you can remotely flush, video door bells so you can see whose at the door no matter where you are, garage doors you can control and now, the iKettle.
Some smart devices are useful and provide support, safety and convenience for busy families. Others may be fun, like programmable light kits. Still others are just plain silly. But smart or silly, they all have one thing in common: they are a very loosely secured door into your home network and all the other devices connected to it, such as your computers, smartphone, and tablets.
A case in point: The iKettle. The iKettle has a smartphone app for both iOS and Android that let's you not only turn the kettle on and off, but also to select from your phone the exact temperature you want your water to be. I guess if you're a tea drinker, different teas need different temperatures. The device connects to your home network and, it has been revealed, is easily hackable.
Given the market for an iKettle, it's not surprising that the vulnerability of the device was discovered by penetration testers in London. It was painfully easy to do and, if you're into this kind of thing, you can watch a video on how it was hacked.
The bottom line for most of us is that once they took control of the iKettle, they had an easy conduit into the Wi-Fi network and a quick bit of code revealed in plain text the network password. The tools to accomplish this were easy - a mobile antenna, a Wi-Fi hotspot with the same ID name (called a SSID) and a laptop. A big plus was that the smartphone software either didn't have allow the owner to change the administration password, or the owners of the scores of iKettles they hacked into didn't bother to change it.
So other than choosing coffee over tea, what's the lesson?
1. Put security first in choosing smart devices for your home. Ask about security, passwords, administrative control.
2. Always change the administrative password for any devices and on your network. Leaving the default password is like going to work in the morning and leaving your front door wide open. Very few people actually take the time to touch their routers once they are set up, so default passwords are often the norm, not the exception. Did you forget yours? Don't worry, there's a website where you or any hacker-in-training can find the default passwords for nearly any model.
3. By default all routers broadcast the SSID. It's a convenience function that increases your chance of being hacked considerably. Hackers can't crack what they can't see. Turn off the broadcast function. That means you'll never see your network in a list of available wireless networks, so write down your network name and keep it in a safe place.
If you want a smart home, you have to become a smart owner.