Coffee machines can also be hit by ransomware attacks

Tram Ho

The explosion of IoT (Internet of Things) has brought in a new generation of devices and appliances that we previously only saw in science fiction. However, most of their standout features depend on an Internet connection, or at least on a connection to the user's home network.

Security experts have long warned about the risks of such connected devices. However, even if users themselves take some precautions, all of that is useless if the device manufacturer itself doesn't update the device or implement basic security requirements. An experiment that recently spread across the Internet is the most concrete proof of this.

The coffee machine is hacked

Specifically, the viral video shows a Smarter iKettle coffee machine that was infected with ransomware. When the user plugs in the power and tries to connect the device to their home network, it turns on the hot water spray, runs the grinder even though no ingredients have been put in, shows a ransom message on the display, and beeps nonstop the whole time. The only way to make the device stop is to unplug it.

Of course, this is not a real incident, because no hacker would bother demanding ransom for a coffee machine that costs just over $250.

This is the product of Martin Hron, a researcher at security firm Avast. He wanted to test whether it was possible to find a critical flaw in the smart devices’ infrastructure.

“I have been asked to demonstrate a suspicion, that the threat to IoT devices is not only accessing them via a router or exposed to the Internet, but that the IoT device itself is also vulnerable and can easily be taken ownership of,” the researcher shared on the blog.

Experts warn that IoT devices have a lot of security holes.

His experiment was successful. After just a week of tinkering, he easily “updated” Smarter’s coffee machine with ransomware disguised as system software. All he did was take the firmware stored inside the Android smartphone app that controls the device, bring it to his computer, and reverse engineer it using IDA, a popular software analysis tool. Almost immediately, he found the programmer’s human-readable string and replaced it.

“It turns out that this has happened and can happen to other IoT devices,” said Hron. “This is a good example of a new problem. You don’t have to configure anything. Usually, the sales people don’t think about it.”

Hron hopes that this will serve as a cautionary tale for manufacturers to step up security, because the Internet is part of the product’s equation, and that it will also make consumers more conscious of the products that they bought and brought home.

Reference: SlashGear

Source: Genk