Security researcher hacks coffee maker to show IoT devices’ vulnerabilities

Avast researcher turned a harmless coffee maker into a nefarious ransom-demanding machine

Avast security researcher Martin Hron released a video of him brewing a new kind of trouble in a Smarter coffee maker: A ransom message.

“When turned on for the first time, the coffee maker works in a local mode and it creates its own Wi-Fi network that the hopeful coffee drinker first connects to in order to set up the device,” explains Hron in a blog post. The problem is, there’s hardly any encryption, authorization or authentication. Anyone who can access the network can control the coffee maker by simply changing the device’s IP address.

When Hron learned of this vulnerability, he decided to experiment. He hijacked the Smarter coffee maker via Wi-Fi, changed the machine’s firmware and turned it into a ransom machine. 

“We created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping,” Hron wrote.

The experiment shines a new spotlight on public Wi-Fi networks, which may make some question the credibility of IoT devices. 

Keep in mind that Smarter no longer supports the coffee maker in the experiment. In a bid to move to a safer and more secure platform, the company upgraded its devices’ security in 2017. Newer versions of the Smarter iKettle don’t share this vulnerability.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020
Government agencies see misconfigured cloud services as top security threat
Security

Government agencies see misconfigured cloud services as top security threat

22 Oct 2020
Lookout reveals mobile-first endpoint detection and response solution
Security

Lookout reveals mobile-first endpoint detection and response solution

21 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020