When coffee makers are demanding a ransom, you know IoT is screwed - Ars Technica

Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.

So he then examined the mechanism the coffee maker used to receive firmware updates.

To actually disassemble the firmware—that is, to transform the binary code into the underlying assembly language that communicates with the hardware, Hron had to know what CPU the coffee maker used.

Hron was able to reverse the most important functions, including the ones that check if a carafe is on the burner, cause the device to beep, and—most importantly—install an update.

The only thing the user can do at that point is unplug the coffee maker from the power socket.”.

The easiest is to find a vulnerable coffee maker within Wi-Fi range.

In the event the device hasn’t been configured to connect to a Wi-Fi network, this is as simple as looking for the SSID that’s broadcast by the coffee maker.

Once the device connects to a home network, this ad hoc SSID required to configure the coffee maker and initiate any updates is no longer available.

The attacker would then send the network a deauthorization packet that would cause the coffee maker to disconnect.

The limitation of this attack, it will be obvious to many, is that it works only when the attacker can locate a vulnerable coffee maker and is within Wi-Fi range of it.

Hron said a way around this is to hack a Wi-Fi router and use that as a beachhead to attack the coffee maker.

This attack can be done remotely, but if an attacker has already compromised the router, the network owner has worse things to worry about than a malfunctioning coffee maker.

In any event, Hron said the ransom attack is just the beginning of what an attacker could do.

One of the interesting things about the coffee machine hacked here is that it’s no longer eligible to receive firmware updates, so there’s nothing owners can do to fix the weaknesses Hron found.

But in the case of the coffee maker here, that would actually make you more vulnerable, since it would just broadcast the ad hoc SSID and, in so doing, save a hacker a few steps

Short of using an old-fashioned coffee maker, the better path would be to connect the device to a virtual LAN, which nowadays usually involves using separate SSID that’s partitioned from the one used normally