A smart coffee machine lets you prepare a cup of coffee remotely at the exact time you want. You just set the time, and when the coffee is ready the application sends you a push notification. You can also monitor the status of the machine. In other words, it is a very reliable and flexible device, so what is the problem?
It can let an outsider hijack the password of your local Wi-Fi and gain access to many other devices without your knowledge!
The coffee maker is said to be one of four wireless home devices that studies examined as a weak link, because hackers can misuse internet-connected appliances to steal and manipulate sensitive information. Cybercriminals can exploit potential vulnerabilities to manipulate and change the owner's sensitive information.
To be honest, coffee machines were not initially designed with security in mind, because no one imagined they could be used as a medium to hack someone's system. Many recent surveys are identifying vulnerabilities in IoT devices. In the past, fax machines were hacked through weak links; in another incident, hackers launched an attack by manipulating infrared light to create a communication channel between smart lights and devices that sense infrared light.
But if coffee machines can give a hacker a channel into your home network, how can anyone access a COFFEE MACHINE in the first place?
When we switch on the coffee machine, it acts as a Wi-Fi access point that anyone can connect to, and it establishes an unencrypted, unsecured connection to a mobile application.
Martin Hron Research:
Security researcher Martin Hron described in his articles how he found a way to hack a smart coffee machine without breaching the network or the Wi-Fi router. He found that the coffee machine behaves as a Wi-Fi access point when connecting with the mobile application.
He also found that his machine's firmware procedures are unencrypted and do not follow even a proper authentication process. What was shocking is that he converted the coffee machine into a cryptocurrency mining machine.
After his masterful coding, Hron launched a ransomware attack on the machine, making it malfunction, make unnecessary noises and behave unsafely (for example, spilling brewed coffee onto the heated plate), which would only stop once the ransom was paid. What is more concerning: will ransomware attackers really stop after the ransom is paid?
Vulnerabilities in Smart Coffee Maker:
One vulnerability is that the coffee maker exchanges information with the mobile application during initial setup, which gives a perpetrator a channel to seize the password of the home wireless network.
Before you use the coffee machine, it is set up like this: when the device is plugged in, it establishes a non-encrypted hotspot. The mobile phone running the application for the smart coffee machine connects to the hotspot and sends a broadcast request to find any devices connected to the network. After a short transmission containing the SSID and the password of the home network, other data is sent from the smartphone to the device. This is the weak link: the password is transmitted in unencrypted form, and the encryption key is sent through an open, unprotected channel. The strange thing is that the password can be deciphered easily. Then the smart coffee machine connects to the home network and stops being a hotspot until it is reset. After that, the coffee machine is used only via the home network. However, the password has already been compromised!
The weak link of the smart coffee maker was an unencrypted password!
Possible Solutions to Mitigate the Hack in Coffee Machines:
1.) Add Firewall:
When you install the coffee machine, it is connected to the local network, so one protection you can add is a firewall, which can stop IP spoofing and can stop a shell from being injected into another device on the same network.
2.) Secure the Wireless-Network:
The IoT network is connected to the router, which comes with a password, so change it right away and make it complex.
3.) Update ASAP:
Keep the IoT devices updated with the latest versions.
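The setup flow described above depends on the machine broadcasting an open hotspot, and a reset puts it back into that state. The following check is an added example, not code from the original article or from any vendor: it flags unencrypted access points in a Wi-Fi scan so that a device left in setup mode is noticed. It assumes the scan comes from `nmcli -t -f SSID,BSSID,SIGNAL,SECURITY device wifi list` and that an open network shows an empty or `--` security field; the sample scan, SSIDs and BSSIDs are constructed.

```python
# Constructed sample of nmcli terse output (SSID:BSSID:SIGNAL:SECURITY).
# In terse mode nmcli escapes ':' and '\' inside a field with a backslash.
SAMPLE_SCAN = r"""HomeNet:AA\:BB\:CC\:00\:11\:22:78:WPA2
CoffeeSetup\:01:AA\:BB\:CC\:33\:44\:55:91:
Neighbour:AA\:BB\:CC\:66\:77\:88:40:WPA2 WPA3
:AA\:BB\:CC\:99\:AA\:BB:35:--
"""

def split_terse(line):
    """Split one terse line on unescaped ':' and unescape each field."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # keep the escaped character literally
            i += 2
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields

def find_open_aps(scan_text, min_signal=0):
    """Return open (unencrypted) access points, strongest signal first."""
    findings = []
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # blank or malformed line
        ssid, bssid, signal, security = fields
        # Assumption: an empty or '--' SECURITY field means no encryption.
        if security.strip() in ("", "--") and int(signal) >= min_signal:
            findings.append({"ssid": ssid or "<hidden>",
                             "bssid": bssid,
                             "signal": int(signal)})
    return sorted(findings, key=lambda f: -f["signal"])

if __name__ == "__main__":
    # A strong open AP is likely inside the home, e.g. a device in setup mode.
    for ap in find_open_aps(SAMPLE_SCAN, min_signal=50):
        print(f"open AP nearby: {ap['ssid']} ({ap['bssid']}) signal={ap['signal']}")
```

Run it after setup and again after any device reset; a strong open access point that was not there before deserves a closer look.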
Both security and user experience are crucial, and the goal is to strike the right balance between the two. Smart coffee companies like Keurig or Braun Coffee Maker stated that, to gain access, the perpetrator would have to be within range of the home network at the exact time of set-up, so the attack window should be short, or they would have to be in the vicinity of the user of the smart coffee machine. Therefore, consumers need to understand both sides of using network-connected devices and should purchase devices that carry security certifications.