Security researcher hacks coffee maker to show IoT devices’ vulnerabilities
Avast researcher turned a harmless coffee maker into a nefarious ransom-demanding machine
“When turned on for the first time, the coffee maker works in a local mode and it creates its own Wi-Fi network that the hopeful coffee drinker first connects to in order to set up the device,” explains Hron in a blog post. The problem is, there’s hardly any encryption, authorization or authentication. Anyone who can access the network can control the coffee maker by simply changing the device’s IP address.
When Hron learned of this vulnerability, he decided to experiment. He hijacked the Smarter coffee maker via Wi-Fi, changed the machine’s firmware and turned it into a ransom machine.
“We created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping,” Hron wrote.
The experiment shines a new spotlight on public Wi-Fi networks, which may make some question the credibility of IoT devices.
Keep in mind that Smarter no longer supports the coffee maker in the experiment. In a bid to move to a safer and more secure platform, the company upgraded its devices’ security in 2017. Newer versions of the Smarter iKettle don’t share this vulnerability.
Digital document processes in 2020: A spotlight on Western Europe
The shift from best practice to business necessityDownload now
Four security considerations for cloud migration
The good, the bad, and the ugly of cloud computingDownload now
VR leads the way in manufacturing
How VR is digitally transforming our worldDownload now
Deeper than digital
Top-performing modern enterprises show why more perfect software is fundamental to successDownload now