When coffee makers are demanding a ransom, you know IoT is screwed
https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/
snip
Two years ago, Smarter released the iKettle version 3 and the Coffee Maker version 2, said Ken Munro, a researcher who worked for Pen Test Partners at the time. The updated products used a new chipset that fixed the problems. He said that Smarter never issued a CVE vulnerability designation, and it didn't publicly warn customers not to use the old one. Data from the Wigle network search engine shows the older coffee makers are still in use.
As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord. Like this:
snip
long article but interesting if you are into IoT (internet of things) stuff.
5X
(3,988 posts)
eppur_se_muova
(37,375 posts)
... do we actually NEED to do it?
discntnt_irny_srcsm
(18,574 posts)
Last edited Mon Sep 28, 2020, 02:29 PM
I have no need of a web-aware coffee maker. I use a 10 year old k cup machine version 1 that makes 1 of 2 sizes of whatever I put in the basket. Most of the time I use loose coffee sometimes from some Italian espresso capsules that I cut open and load into a universal basket. My coffee maker doesn't need to surf the web nor discuss with my blood pressure cuff if I need to switch to decaf. The idea that this could happen has a negative impact on said BP. (Side note: my phone is telling me that my Rx is ready.)
I sure don't need to look into anti-virus software for any of my kitchen appliances. I won't be interested in flashing the BIOS of my can opener nor spending a few bucks for more RAM for my toaster. I prefer my hand-crank can opener and, if that stops working, I have a handful of P38 GI units. I'd be happy if they made a 4 or 5 speed manual option for my next vehicle. I'm told that's now bordering on an anti-theft feature.
I couldn't find a standard washing machine like the typical ones available 30 years ago. The new one locks the lid when running because I might be a 2 year-old trying to climb into the spin cycle. Now that's a child safe cap that might be useful if I actually had a child without stock portfolios or direct deposit. OTOH my dryer door is actually at child height and may spontaneously open due to the impact of a tennis shoe.
For those of you with web-enabled coffee pots, I suggest getting into your router and listing their MAC address in the children and minors group and setting the parental controls on max.
So, as the T-800 said, "I'm old but not obsolete."
Ron Obvious
(6,261 posts)
The risks are huge, and the benefits so utterly trivial. I truly don't get the appeal.
PoindexterOglethorpe
(26,724 posts)
So glad I simply boil some water every morning and make instant coffee.
HubertHeaver
(2,526 posts)
I get green beans, roast them over a charcoal fire in a wok. I grind the roasted beans in a hand-crank burr mill. Dump the ground coffee into a French Press coffee maker, pour the hot water over the grounds, set the plunger on top of the cup and push it down. Fresh coffee!