Date: 2020-09-01
from the all-your-beans-are-belong-to-us dept.
When coffee makers are demanding a ransom, you know IoT is screwed:
With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of Smarter's Internet-of-things coffee maker, you'd be wrong.
As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the $250 devices to see what kinds of hacks he could do. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord.
"It's possible," Hron said in an interview. "It was done to point out that this did happen and could happen to other IoT devices. This is a good example of an out-of-the-box problem. You don't have to configure anything. Usually, the vendors don't think about this."
(Score: 2) by Dr Spin on Sunday September 27, @06:28AM (2 children)
This. A thousand times this.
Vote for Stupid - everyone else does!
(Score: 3, Insightful) by Zinnia Zirconium on Sunday September 27, @06:45AM
I think the vendors think the customers are expected to install the things on a home or office network which is behind NAT, which usually functions as enough of a firewall to keep outsiders out, and family members or coworkers are not reasonably expected to attack the kitchen appliances over the local network.
(Score: 3, Interesting) by fakefuck39 on Sunday September 27, @06:47AM
Except in this case they do, and the article author is a 16yo girl being loud and making shit up to get attention.
The coffee maker on first power-on makes an unsecure wifi ap, to which you connect your phone app, to put it on your secure wifi. So yes, it can get attacked in those 30 seconds. Like any chromecast or anything else. After that, the author states the updates are sent from your phone to it, unauthenticated, when both devices are on your home wifi. So yes, a hacker can attack your coffeemaker. If the hacker is on your home wifi already.
There is no security issue here.
(Score: 2) by jasassin on Sunday September 27, @06:47AM (1 child)
You kept the receipt.
It's still under warranty (and the company is still in business).
You can afford Starbucks.
It doesn't scald you, your kids, or pets.
Your house doesn't burn down.
You don't have hearing like Blaster from "Mad Max Beyond Thunderdome".
You can get the hacked firmware for use after your company lays you off.
You're not owner, or shareholder, of the company when lawsuits due to the above start arriving.
jasassin@gmail.com Key fingerprint = 0644 173D 8EED AB73 C2A6 B363 8A70 579B B6A7 02CA
(Score: 2) by c0lo on Sunday September 27, @06:58AM
Have they started to pay for the participants in their phase III trials for their awful brew?
If they have, I'll need to consider if my health is worth jeopardizing for the money they pay.
(Score: 2) by The Mighty Buzzard on Sunday September 27, @07:06AM
Some things are just too important to stand on principle and refuse to pay the ransom.
This also emphasizes the importance of working backups. I, for instance, have two working drip coffee makers, one espresso/drip combo machine, two espresso pots, and three percolators. And if all that fails, I can make it in a damned cooking pot and make the grounds sink afterwards by adding a bit of cold water. Or cold brew it overnight in mason jars.
People talk about how they'd like to kill pedophiles but only Hillary's got the guts to actually do it.
#Kanye2020