I hear my kettle boiling … could you turn it off for me?

This week I’m off to give a demo of how insecure the iKettle is. The default password, as you can see, is “000000”:

But surely no one would put their kettle on the Internet? Well, with Shodan it’s not too difficult to find out, and we can quickly search for the iKettle protocol:

Though someone needs to tell them that their kettle is boiling (100 °C). But, you say …

That’s a kettle, surely my organisation wouldn’t have a kettle on-line!

But what about all those printer queues that are set up in your organisation: can they be seen? Well, currently there are over 175,000 of those queues ready to be connected to across the Internet:

and over 30,000 HP LaserJets just ready to be discovered:

But you say:

“At least my Bitcoins are safe!”

But are they? Shodan searches for information on the Bitcoin daemon, and any devices connected to it:

“But I feel safe that all our critical national infrastructure is secured and can’t be accessed by malicious agents”,

Well, think again … the Modbus protocol allows devices to be controlled remotely. Here’s an example of a device in France:
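To show why an Internet-facing Modbus device is a problem, here is an added example (not from the original post): Modbus/TCP carries no authentication of its own, so a request that writes coils or registers is just a few bytes, and a defender’s practical control is to spot such writes arriving from outside the site. The script decodes the MBAP header and function code and flags write requests from non-private source addresses; the sample traffic and the “internal” address ranges are constructed for the example.

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus function codes that change device state; 1-4 are read-only.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Constructed: treat RFC 1918 ranges as the site's own plant network.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]


def parse_modbus_tcp(payload: bytes) -> dict:
    """Decode the 7-byte MBAP header and the PDU function code of a Modbus/TCP request."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(payload) - 6:  # length counts unit id + PDU
        raise ValueError("length field does not match payload")
    return {"transaction": tid, "unit": unit, "function": payload[7], "data": payload[8:]}


def flag_external_writes(records):
    """Given (source_ip, payload) pairs, return alerts for write requests from outside INTERNAL."""
    alerts = []
    for src, payload in records:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError:
            continue  # malformed or not Modbus; a separate check could count these
        if req["function"] in WRITE_FUNCTIONS and not any(ip_address(src) in n for n in INTERNAL):
            addr = struct.unpack(">H", req["data"][:2])[0]  # first PDU field is the start address
            alerts.append(f"{src} -> unit {req['unit']}: {WRITE_FUNCTIONS[req['function']]} at address {addr}")
    return alerts


# Constructed sample traffic: tid, proto 0, length, unit, function, data.
SAMPLE = [
    ("192.168.1.20", bytes.fromhex("000100000006010300000001")),  # internal read of a holding register
    ("203.0.113.7", bytes.fromhex("00020000000601050001FF00")),   # external: force coil 1 ON
    ("203.0.113.7", bytes.fromhex("000300000006010100000008")),   # external read of 8 coils
]

if __name__ == "__main__":
    for alert in flag_external_writes(SAMPLE):
        print("ALERT", alert)
```

Only the external write is reported; the reads are still worth logging, since the page shows that simply being reachable is the exposure.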

And you say:

Well I’m off to get some fuel for my car, surely that’s secret!

Oops:

And you say …

I’m switching off my Internet connection!