Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

steve2470

(37,468 posts)
Mon Sep 28, 2020, 05:51 AM Sep 2020

When coffee makers are demanding a ransom, you know IoT is screwed

https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

snip

Two years ago, Smarter released the iKettle version 3 and the Coffee Maker version 2, said Ken Munro, a researcher who worked for Pen Test Partners at the time. The updated products used a new chipset that fixed the problems. He said that Smarter never issued a CVE vulnerability designation, and it didn't publicly warn customers not to use the old one. Data from the Wigle network search engine shows the older coffee makers are still in use.

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord. Like this:



snip

long article but interesting if you are into IoT (internet of things) stuff.
6 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
When coffee makers are demanding a ransom, you know IoT is screwed (Original Post) steve2470 Sep 2020 OP
I don't need no talking, recording toilets. No IoT for me. 5X Sep 2020 #1
One more of these ideas where 'We CAN do it, therefore we WILL do it !' without asking ... eppur_se_muova Sep 2020 #2
Turnabout is fair play discntnt_irny_srcsm Sep 2020 #3
No IoT in my house Ron Obvious Sep 2020 #4
Oh, my. PoindexterOglethorpe Sep 2020 #5
I don't use those new-fangled coffee thing-a-ma-jigs. HubertHeaver Oct 2020 #6

eppur_se_muova

(37,578 posts)
2. One more of these ideas where 'We CAN do it, therefore we WILL do it !' without asking ...
Mon Sep 28, 2020, 09:28 AM
Sep 2020

... do we actually NEED to do it ?

discntnt_irny_srcsm

(18,593 posts)
3. Turnabout is fair play
Mon Sep 28, 2020, 01:11 PM
Sep 2020

Last edited Mon Sep 28, 2020, 02:29 PM - Edit history (1)

I have no need of a web-aware coffee maker. I use a 10 year old k cup machine version 1 that makes 1 of 2 sizes of whatever I put in the basket. Most of the time I use loose coffee sometimes from some Italian espresso capsules that I cut open and load into a universal basket. My coffee maker doesn't need to surf the web nor discuss with my blood pressure cuff if I need to switch to decaf. The idea that this could happen has a negative impact on said BP. (Side note: my phone is telling me that my Rx is ready.)

I sure don't need to look into anti-virus software for any of my kitchen appliances. I won't be interested in flashing the BIOS of my can opener nor spending a few buck for more RAM for my toaster. I prefer my hand-crank can opener and, if that stops working, I have a handful P38 GI units. I'd be happy if they made a 4 or 5 speed manual option for next vehicle. I'm told that's now bordering on an anti-theft feature.

I couldn't find a standard washing machine like the typical ones available 30 years ago. The new one locks the lid when running because I might be a 2 year-old trying to climb into the spin cycle. Now that's a child safe cap that might be useful if actually had a child without stock portfolios or direct deposit. OTOH my dryer door is actually at child height and may spontaneously open due the impact of a tennis shoe.

For those of you { with } web-enabled coffee pots, I suggest getting into your router and listing their MAC address in the children and minors group and set the parental controls on max.

So, as the T-800 said, "I'm old but not obsolete."

 

Ron Obvious

(6,261 posts)
4. No IoT in my house
Tue Sep 29, 2020, 01:03 PM
Sep 2020

The risks are huge, and the benefits so utterly trivial. I truly don't get the appeal.

HubertHeaver

(2,526 posts)
6. I don't use those new-fangled coffee thing-a-ma-jigs.
Thu Oct 1, 2020, 01:11 AM
Oct 2020

I get green beans, roast them over a charcoal fire in a wok. I grind the roasted beans in a hand-crank burr mill. Dump the ground coffee into a French Press coffee maker, pour the hot water over the grounds, set the plunger on top of the cup and push it down. Fresh coffee!

Latest Discussions»Help & Search»Computer Help and Support»When coffee makers are de...