Wi-Fi-enabled coffee makers may be 'infected with ransomware and made to demand a ransom'



Martin Hron, an engineer working for security company Avast, hacked an old IoT-capable coffee maker and succeeded in 'taking control of the coffee-making system and displaying a ransom message on the electronic panel', demonstrating the danger of IoT devices. The video shows hot water spouting from the dispensing port of the hijacked coffee maker while the coffee grinder keeps spinning endlessly.

The Fresh Smell of ransomed coffee - Avast Threat Labs
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/

When coffee makers are demanding a ransom, you know IoT is screwed | Ars Technica
https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

Below is the video Hron released of the hacked coffee machine.

What a hacked coffee machine looks like. - YouTube


A coffee maker made by SMARTER was used in this experiment.



When the firmware of this coffee maker is rewritten and the machine is switched on, the message 'WANT YOUR MACHINE BACK?' and a URL for the ransom demand appear on the electronic panel.

A devil icon indicating malicious activity is then displayed repeatedly.



Furthermore, because the coffee-making system was hacked, boiling water spouted from the dispensing port and the coffee grinder kept spinning endlessly. According to Hron, this continues until the power plug is pulled out.



One of the features of the SMARTER coffee maker used in the experiment is that it can be paired with a smartphone app, but this pairing function has a flaw: the machine operates as though it were a secure Wi-Fi access point even when the connection is insecure. Hron exploited this flaw by disassembling the firmware, rewriting it to execute malicious code, and sending a command that forced a firmware update.



This experiment was a proof of concept, and as preparation the attacker needed either physical access to the coffee maker or control of the wireless router it was connected to. Because a hacked wireless router is a bigger problem than a hacked coffee maker, the coffee maker hack on its own is a relatively small problem.

However, Hron said, 'This experiment proves that software on IoT devices can be flawed and can cause serious problems. Although it wasn't demonstrated this time, in some cases it may be possible to attack routers, computers, etc. from IoT devices.' He continued, 'A typical refrigerator has a lifespan of 17 years, but for how long do you think the developer will support the software for its smart functions? Sales of IoT devices are exploding, but support tends to be unsustainable, and the devices can be exploited for network breaches, data breaches, ransomware attacks, DDoS, etc.' 'You may not be able to trust your "smart" device today,' he said.

in Hardware, Video, Posted by darkhorse_log