- #RSAC: Fixing the Mess of IoT SecurityKen Munro, partner at Pen Test Partners, opened his talk at RSA Conference 2019 by explaining how easy it was for him to hack a Wi-Fi-enabled tea kettle.
- To find out how it connected to the home router, he used the AT command that the kettle’s internet system used.
- Buying used kettles on eBay, he reset to the factory settings, but the original owner’s router information was not deleted, and so not only did he have that key, he also had the former owner’s address through the transaction.
- A front-end vulnerability on a smart hot tub can control the temperature and the jets, but a back-end service provider delivers services to other devices like vehicles and medical equipment.
Read full article: infosecurity-magazine.com