Security researcher hacks coffee maker to show IoT devices’ vulnerabilities
Avast researcher turned a harmless coffee maker into a nefarious ransom-demanding machine
“When turned on for the first time, the coffee maker works in a local mode and it creates its own Wi-Fi network that the hopeful coffee drinker first connects to in order to set up the device,” explains Hron in a blog post. The problem is, there’s hardly any encryption, authorization or authentication. Anyone who can access the network can control the coffee maker by simply changing the device’s IP address.
When Hron learned of this vulnerability, he decided to experiment. He hijacked the Smarter coffee maker via Wi-Fi, changed the machine’s firmware and turned it into a ransom machine.
“We created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping,” Hron wrote.
The experiment shines a new spotlight on public Wi-Fi networks, which may make some question the credibility of IoT devices.
Keep in mind that Smarter no longer supports the coffee maker in the experiment. In a bid to move to a safer and more secure platform, the company upgraded its devices’ security in 2017. Newer versions of the Smarter iKettle don’t share this vulnerability.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now