Mind your cuppa: Barcelona has 22,000 smart kettles at risk of hacking

Be wary, Barcelona: Avast has revealed the city's IoT devices are insecure

The tech industry has descended on Barcelona for the city's annual Mobile World Congress smartphone show, which means Avast has another security misstep to shout about.

Last year, the security firm sought attention by tricking people into using its unofficial MWC Wi-Fi connection as a warning to visitors to be wary of public broadband. This year, Avast said it's spotted more than 5.3 million hackable, connected devices in Spain, half a million of which are in Barcelona and 22,000 of which are smart kettles alone.

Those devices include the usual Internet of Things victims of attackers as well as security researchers trying to make a point including smart kettles, webcams and baby monitors, as well as the usual subject of derision, smart fridges.

Avast is right to point out the dangers of such poorly connected devices, especially as more and more gadgets come online. The company pointed out that hacked cameras could be used to spy on people, kettles could be turned on remotely, or the devices could be simply rounded up into a botnet.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Avast didn't spend a year touring Spain to uncover such weak points, it merely hopped on Shodan.io a search tool that lets users scan ports and IP addresses. Avast included in its tally any spotted running software or firmware with a flaw that sent data over the internet unencrypted. And if it's that easy for Avast's researchers to find devices to attack, it's simple for hackers, too though that doesn't mean they're actively attacking such connected gadgets.

"With databases of commonly known device vulnerabilities publicly available, it doesn't take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out which devices are vulnerable," said Vince Steckler, CEO at Avast, in a statement. "And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it."

Steckler called on users to do more to protect such devices by choosing strong passwords and keeping software updated and plugged Avast's own Wi-Fi Finder tool, which scans networks for vulnerable devices and offers tips to fix weaknesses but the IoT is notorious for its lack of security and many have called on the industry to do more to keep its customers safe.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019