https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


iStock

Connected tea kettle

How to Hack a Wireless Network with a Smart Teakettle

An array of IoT devices could be used to provide a back door into a secure wireless network. After a breach has occurred, the technique could be used to erase traces that the network was compromised.
  • Written by Aaron Marsh
  • 8th August 2016

Oh, the possibilities that a system of interconnected wireless devices — generally categorized as the Internet of Things (IoT) — can create, like smarter, more efficient offices, homes, vehicles and environments of all kinds, or new ways your business could be compromised by cybercriminals with you perfectly unaware.

At the BlackBerry Security Summit in July, the enterprise security solutions and communications provider had Campbell Murray and Fraser Winterborn, its technical director and head of R&D for encryption, respectively, perform a live hack before an audience into a business' secure wireless network through an electric teakettle. The two “white hat” hackers provide penetration testing services, one of the latest additions to BlackBerry's product and service portfolio.

Such a device is “something you probably haven't thought about much when it comes to security,” Chief Security Officer David Kleidermacher understated in introducing the two. Walking the audience step-by-step through the hack, Murray pointed out that it could be done through “literally any device that is not a personal computing device and can be network-connected” that happens to have the right engineering flaws.

“The IoT device we have here is a teakettle. It could be anything — could be a fridge, blender, juicer, physical access control systems, industrial control systems — those all fall into the IoT category as well,” Murray said. He narrated while Winterborn performed the hack.

Here's the setup:

The teakettle was connected wirelessly to an Apple iPhone to allow a user to, benignly enough, set up a schedule for it to boil. The iPhone was a BYOD (bring your own device) item an employee would use on the business' Wi-Fi network, which had WK2 encryption. “It's not the best and not the worst enterprise-grade Wi-Fi security you may have for your protection,” Murray pointed out, “but for your average home office or small enterprise, this is what you'll most likely find.”

Here's how they did it:

1. Get close enough to access the device's wireless connection. “We've got a bit of distance between the attack and the kettle. You can see there are no cables on the kettle, simply a power cord,” said Murray. “It's communicating completely wirelessly, so Fraser could sit out in a car park or in the bushes in back of your office to perform all these functions.”

2. Create a copy of the IoT device's secure Wi-Fi network. Detecting the wireless network to which the kettle was connected, Winterborn created a copycat network. “It's not an exact copy; it's not a secure network. It's simply got the same name,” Murray noted. “We refer to that as an SSID. You probably go home and your wireless network is called 'SmithsHome' or whatever you decided to call it.”

3. Disconnect the IoT device from its proper network. “This is a feature, not a hack,” Murray stressed. “It's actually how these things work. Quite often, enterprise networks might have multiple devices [connected], and if the phone stops working, you need to tell it to disconnect; if [a device] is not communicating, tell it to disconnect.” Winterborn was able to de-authorize the wireless kettle from its network.

4. Connect the IoT device to your phony network. Murray explained the first security engineering flaw in the device: the kettle's wireless simply found a network with seemingly the correct name and a strong signal and reconnected, but had no verification it was the proper network.

“That kettle is now talking to us, not to its original network. That flaw in design, the lack of development-lifecycle assurance as they're putting this device together on the shop floor, means they've not really thought this through,” Murray said. “They've not looked at the risks.”

5. Get ready to send commands to the IoT device. In what he described as “a real problem” and the second security flaw, Murray noted the kettle had a very low-strength password to its own mechanism to communicate and receive commands.

“Whoever designed this really didn't put any thought into security, because the password is super-simple: It's six zeros,” Murray said. “But obviously, it is a computing device, because the smartphone has to be able to communicate with it in some way.”

6. Extract the password for the original Wi-Fi network. “Now we have communication — we're now talking to the kettle and we're running one simple command,” Murray told the audience. “We've extracted the stored Wi-Fi password for the secure network.

“That's your third flaw: That password should not be stored in a reversible or unencrypted form,” he continued. “There is no 'lay approach' to security.”

7. Connect to the original secure Wi-Fi network. “At this point, we've created no footprint as an attacker,” said Murray. “We have the network key now, and we can pop that in quickly.” Projected onto a large screen, the audience could then see data flowing within the secure network.

“What was previously encrypted to us and secure in that office network — people are using it, and you've got a strong key — we can now see as standard network traffic,” he added. “It's visible as plain text to us.” 

8. Grab some data and do your dirtiest. Now able to connect to the original secure Wi-Fi network, Winterborn captured a packet of email, which was unencrypted beyond the network password gateway.

“That's collection of email from a bring-your-own-device now for me as your average office worker,” Murray noted. “I've simply connected to the secure network at my office — of course it's okay.” The “email” the two collected in the demo, however, showed sensitive business information.

“This is the real flaw: if we compromise any communications across that wireless network, there is no forensic team in the world who are going to be able to discover how we did it,” he explained. “We've only compromised the kettle; if we turn it off and back on again, it has no memory.

“So we'll just turn it off. Any trace of what we've done is now lost forever.”

Compromising Your Network without a Trace

Murray put the hack — which took only a matter of minutes — into sobering context.

“Fraser has sat in a car park out in back of your office. He's compromised your office's secure network untraceably — he's not logged on to the network, he's not created any footprint and he's collected those secure communications,” Murray said.

And it had all been done via an unassuming IoT device few would give a second — or even first — thought to in terms of cybersecurity. “As I said, it doesn't have to be a kettle — could be anything,” Murray emphasized.

He advised businesses first to be cautious of what devices they allow to be brought into their networks, but also said a lack of appropriate security engineering is a larger industry problem. “As we become increasingly technical and increasingly involved in putting technology into things like mundane household devices,” Murray said, “we've really got to start thinking about these things.”

This article was originally published in our sister publication FleetOwner. 

Tags: Article Security Technologies

Related


  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Five Principles in a Zero-Trust Security Approach to IoT
    IoT devices have created vulnerability for IT networks, but a zero-trust security approach can lock down attack vectors. Here are five key principles.
  • Tactics for Successfully Selling IoT Technologies
    While this year has proven the value of digitization, many enterprises need persuasion. Experts discuss strategies for successfully selling IoT.
  • LynxSecure Datasheet
    LynxSecure is a tiny separation kernel that can be programmed to partition a modern processor into secure virtual environments. It is not RTOS. It is not a traditional hypervisor. It is smaller than a microkernel (as small as 15Kb). LynxSecure requires and leverages the hardware virtualization capabilities of certain modern CPUs to (1) establish secure […]

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Cybersecurity Crisis Management During the Coronavirus Pandemic
  • In Industrial Realm, Trustworthy Software Means Safety
  • Integrating Analog Controls into IIoT Systems
  • Dell Sells RSA Security for More Than $2 Billion

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart Manufacturing With IoT

4th December 2020

Ensuring Safety & Security of Pharmaceutical Supply Chain: A Case Study

4th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

#Supplychain analytics, #digitaltwins and other tools are key to predicting COVID-19-style disruption in the supply… twitter.com/i/web/status/1…

18th January 2021
IoTWorldToday, IoTWorldSeries

At #CES2021, @verizon touts #5Gconnectivit as the key to digitization in pandemic times. But experts say there are… twitter.com/i/web/status/1…

12th January 2021
IoTWorldToday, IoTWorldSeries

The #privateLTE market is due to grown, given increased needs for #networkperformance and #networkbandwidth.… twitter.com/i/web/status/1…

12th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X