Mind your cuppa: Barcelona has 22,000 smart kettles at risk of hacking

Be wary, Barcelona: Avast has revealed the city's IoT devices are insecure

The tech industry has descended on Barcelona for the city's annual Mobile World Congress smartphone show, which means Avast has another security misstep to shout about.

Last year, the security firm sought attention by tricking people into using its unofficial MWC Wi-Fi connection as a warning to visitors to be wary of public broadband. This year, Avast said it's spotted more than 5.3 million hackable, connected devices in Spain, half a million of which are in Barcelona and 22,000 of which are smart kettles alone.

Those devices include the usual Internet of Things victims of attackers as well as security researchers trying to make a point including smart kettles, webcams and baby monitors, as well as the usual subject of derision, smart fridges.

Avast is right to point out the dangers of such poorly connected devices, especially as more and more gadgets come online. The company pointed out that hacked cameras could be used to spy on people, kettles could be turned on remotely, or the devices could be simply rounded up into a botnet.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Avast didn't spend a year touring Spain to uncover such weak points, it merely hopped on Shodan.io a search tool that lets users scan ports and IP addresses. Avast included in its tally any spotted running software or firmware with a flaw that sent data over the internet unencrypted. And if it's that easy for Avast's researchers to find devices to attack, it's simple for hackers, too though that doesn't mean they're actively attacking such connected gadgets.

"With databases of commonly known device vulnerabilities publicly available, it doesn't take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out which devices are vulnerable," said Vince Steckler, CEO at Avast, in a statement. "And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it."

Steckler called on users to do more to protect such devices by choosing strong passwords and keeping software updated and plugged Avast's own Wi-Fi Finder tool, which scans networks for vulnerable devices and offers tips to fix weaknesses but the IoT is notorious for its lack of security and many have called on the industry to do more to keep its customers safe.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020