Mind your cuppa: Barcelona has 22,000 smart kettles at risk of hacking

Be wary, Barcelona: Avast has revealed the city's IoT devices are insecure

The tech industry has descended on Barcelona for the city's annual Mobile World Congress smartphone show, which means Avast has another security misstep to shout about.

Last year, the security firm sought attention by tricking people into using its unofficial MWC Wi-Fi connection as a warning to visitors to be wary of public broadband. This year, Avast said it's spotted more than 5.3 million hackable, connected devices in Spain, half a million of which are in Barcelona and 22,000 of which are smart kettles alone.

Advertisement - Article continues below

Those devices include the usual Internet of Things victims of attackers as well as security researchers trying to make a point including smart kettles, webcams and baby monitors, as well as the usual subject of derision, smart fridges.

Avast is right to point out the dangers of such poorly connected devices, especially as more and more gadgets come online. The company pointed out that hacked cameras could be used to spy on people, kettles could be turned on remotely, or the devices could be simply rounded up into a botnet.

Avast didn't spend a year touring Spain to uncover such weak points, it merely hopped on Shodan.io a search tool that lets users scan ports and IP addresses. Avast included in its tally any spotted running software or firmware with a flaw that sent data over the internet unencrypted. And if it's that easy for Avast's researchers to find devices to attack, it's simple for hackers, too though that doesn't mean they're actively attacking such connected gadgets.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"With databases of commonly known device vulnerabilities publicly available, it doesn't take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out which devices are vulnerable," said Vince Steckler, CEO at Avast, in a statement. "And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it."

Steckler called on users to do more to protect such devices by choosing strong passwords and keeping software updated and plugged Avast's own Wi-Fi Finder tool, which scans networks for vulnerable devices and offers tips to fix weaknesses but the IoT is notorious for its lack of security and many have called on the industry to do more to keep its customers safe.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020