I hear my kettle boiling … could you turn it off for me?

This week I’m off to give a demo of how insecure the iKettle is. The default password, as you can see, is “000000” [here]:

But, surely no-one would put their kettle on the Internet? Well with Shodan it’s not too difficult to find out, and where we can quickly scan for the iKettle protocol [here]:

Though, someone needs to tell them that their kettle is boiling (100 C).But, you say …

That’s a kettle, surely my organisation wouldn’t have a kettle on-line!

But what about all those printer queues that are setup in your organisation, can they be seen? Well, currently, there’s over 175,000 of those queues ready to be connected to across the Internet: