When coffee makers are demanding a ransom, you know IoT is screwed
Watch along as hacked machine grinds, beeps, and spews water. …
reader comments
222 with 144 posters participating, including story author
With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.
As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the $250 devices to see what kinds of hacks he could do. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord. Like this:
“It’s possible,” Hron said in an interview. “It was done to point out that this did happen and could happen to other IoT devices. This is a good example of an out-of-the-box problem. You don’t have to configure anything. Usually, the vendors don’t think about this.”
What do you mean “out-of-the-box”?
When Hron first plugged in his Smarter coffee maker, he discovered that it immediately acted as a Wi-Fi access point that used an unsecured connection to communicate with a smartphone app. The
Continue reading – Article source
