How a coffee machine got infected with ransomware virus

The appliance firm Smarter has stood out as one of the most recognized Internet of Things (IoT) device companies. The security of its products has also drawn attention, although perhaps not for the right reasons.

After Pen Test Partners experts found serious flaws in iKettle and Coffee Maker, two of the company’s most popular products, Smarter responded by releasing updated versions that included a new chipset to fix the issues. However, many unsafe versions of these devices are still widely used in all kinds of environments.


On learning of this, Avast researcher Martin Hron reverse engineered one of the unsafe versions of these coffee machines to determine the extent of the vulnerabilities. After a few days, Hron concluded that it is possible to perform all kinds of malicious activities relatively easily; the researcher was able to manipulate various functions of the appliance and even display ransomware threats on its screen. The only way to stop the malicious activity is to disconnect the device from the power supply.

In his report the researcher states that the attack is 100% feasible and could occur similarly on other IoT devices: “Nothing has to be configured, the faults are ready to be exploited as soon as the device starts to be used,” Hron says.


For example, Hron discovered that any Smarter coffee machine could act as a WiFi hotspot, using an unsecured connection to communicate with its own mobile app. In turn, this app is used to set up the device and, if the user chooses, connect it to their home WiFi network.

Because this connection was not protected, Hron was able to understand how the app and the device communicate, and further discovered that it was possible to control the appliance with a malicious app. Multiple security omissions allowed the researcher to reverse engineer the Smarter app for Android, which yielded everything needed to manipulate the operation of these devices at will.

“We thought these actions would be enough to scare any user of vulnerable devices,” Hron said. In addition, the attack can start by simply searching for devices connected to a WiFi network or via the SSID emitted by the appliance. As mentioned above, the attack can only be interrupted by disconnecting the device, although the complexity of its deployment significantly reduces the likelihood of exploitation.