Most coffee machines are not connected to the internet, but some of the newer models most certainly are. Martin Hron, a security researcher at Avast, managed to reverse engineer an internet-connected coffee machine and after a week of tinkering, he discovered that the machine could be remotely triggered to turn on the burner, display messages, activate the bean grinder as well as dispense water. The only way to stop all this chaos was to unplug the power cord.
How did Hron discover these security holes? When the “Smarter” coffee maker was first plugged in, machine acted as a Wi-Fi access point that used an unsecured connection to communicate with a smartphone app. Since this connection was not encrypted encryption, it was an easy task to figure out how the smartphone controlled the coffee maker and how a rogue phone app could replicate these functions, especially since the firmware updates also did not require any authentication. So, Hron replicated this update process with a modified firmware update.
- The Best Way To Start Your Morning - Say hello to the smaller edition of your favorite Mueller Single Serve Coffee Maker. Fast and easy to use, this...
- Compatible With All Single Cups - Designed to fit all 1.0 & 2.0 single coffee capsules, from now on you can make any type of coffee you want. For the...
- Compact & Quick - Fastest brewing cycle on the market! Takes only 3 MINUTES to have your favorite coffee ready. 10oz water tank, supports standard...
- Note: 1)Too coarse a grind, too little coffee, or insufficiently tamping the grounds before brewing can all lead to inadequate pressure for a proper...
- MULTISTREAM TECHNOLOGY: Extracts more flavor and aroma* in every brew
- FITS ANYWHERE: Less than 5” wide, fits neatly on your countertop. Accommodate a travel mug up to 7 inches tall with the drip tray removed.
It’s possible. It was done to point out that this did happen and could happen to other IoT devices. This is a good example of an out-of-the-box problem. You don’t have to configure anything. Usually, the vendors don’t think about this,” said Hron.