When coffee makers are demanding a ransom, you know IoT is screwed [View all]

https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

snip

Two years ago, Smarter released the iKettle version 3 and the Coffee Maker version 2, said Ken Munro, a researcher who worked for Pen Test Partners at the time. The updated products used a new chipset that fixed the problems. He said that Smarter never issued a CVE vulnerability designation, and it didn't publicly warn customers not to use the old one. Data from the Wigle network search engine shows the older coffee makers are still in use.

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord. Like this:



snip

long article but interesting if you are into IoT (internet of things) stuff.