Modern households are filled with appliances that can connect to the internet. The ability to check the weather using nothing more than your fridge or use your smartphone to prepare a cup of coffee while you’re still in bed may sound like tech enthusiast’s dream, but there is a downside to having all of your appliances connected to the internet, especially if the manufacturer doesn’t meet the basic security requirements.
In a video uploaded to YouTube you can see a regular Smarter iKettle coffee machine which has just been ‘updated’ with ransomware disguised as firmware by Avast security researcher Martin Hron. As you would expect from a device that has just been infected with ransomware, the iKettle goes absolutely haywire when they user attempts to use it, performing amusing, yet slightly alarming tasks like spewing hot water onto the base of the machine.
Take a look at the video below
Hron managed to pull off this experiment by communicating with the coffee machine through its smartphone application. Information going through the app is not encrypted and firmware updates coming through the app are not encrypted nor checked for integrity. Using this flaw, Hron simply disguised his ransomware as a firmware update.
The idea behind this experiment was to demonstrate how easy it is for hackers to take over simple household appliances that are connected to the internet, and more so to show how a number of appliances don’t employ even the most basic security practices for software.
It must be noted that Smarter’s latest model of its iKettle (version 3) may have addressed these security issues already. However, both version 1 and 2 of the iKettle are still widely used around the world, and seeing as though most customers only replace appliances once they have broke, there could be a few more coffee machine hacks in the future.
Read Hron full breakdown of how exactly he managed to hack a coffee machine by clicking here.
Image credit: Screenshot/ What a hacked coffee machine looks like