Most coffee machines are not connected to the internet, but some of the newer models most certainly are. Martin Hron, a security researcher at Avast, managed to reverse engineer an internet-connected coffee machine and after a week of tinkering, he discovered that the machine could be remotely triggered to turn on the burner, display messages, activate the bean grinder as well as dispense water. The only way to stop all this chaos was to unplug the power cord.
How did Hron discover these security holes? When the “Smarter” coffee maker was first plugged in, machine acted as a Wi-Fi access point that used an unsecured connection to communicate with a smartphone app. Since this connection was not encrypted encryption, it was an easy task to figure out how the smartphone controlled the coffee maker and how a rogue phone app could replicate these functions, especially since the firmware updates also did not require any authentication. So, Hron replicated this update process with a modified firmware update.
- THE BEST WAY TO START YOUR MORNING - Say hello to the smaller edition of your favorite Mueller Single Serve Coffee Maker. Fast and easy to use, this...
- COMPATIBLE WITH ALL SINGLE CUPS - Designed to fit all 1.0 & 2.0 single coffee capsules, from now on you can make any type of coffee you want. For the...
- COMPACT & QUICK - Fastest brewing cycle on the market! Takes only 3 MINUTES to have your favorite coffee ready. 10oz water tank, supports standard...
- MULTISTREAM TECHNOLOGY: Extracts full flavor and aroma in every brew.
- FITS ANYWHERE: Less than 5 inches wide, perfect for small spaces.
- MULTIPLE CUP WATER RESERVOIR: Removable 46 oz. reservoir lets you brew up to *4 cups before refilling.
It’s possible. It was done to point out that this did happen and could happen to other IoT devices. This is a good example of an out-of-the-box problem. You don’t have to configure anything. Usually, the vendors don’t think about this,” said Hron.
