
Most coffee machines are not connected to the internet, but some of the newer models most certainly are. Martin Hron, a security researcher at Avast, managed to reverse engineer an internet-connected coffee machine and after a week of tinkering, he discovered that the machine could be remotely triggered to turn on the burner, display messages, activate the bean grinder as well as dispense water. The only way to stop all this chaos was to unplug the power cord.
How did Hron discover these security holes? When the “Smarter” coffee maker was first plugged in, the machine acted as a Wi-Fi access point that used an unsecured connection to communicate with a smartphone app. Since this connection was not encrypted, it was an easy task to figure out how the smartphone controlled the coffee maker and how a rogue phone app could replicate these functions, especially since the firmware updates also did not require any authentication. So, Hron replicated this update process with a modified firmware update.
“It’s possible. It was done to point out that this did happen and could happen to other IoT devices. This is a good example of an out-of-the-box problem. You don’t have to configure anything. Usually, the vendors don’t think about this,” said Hron.
