Cybersecurity researcher hacks smart coffee maker with ransomware, uses it to ask for money
However, the coffee maker he used for his research was made before 2017, when the company switched to a new, more secure platform, the post said.
According to Hron, once the smart coffee maker is turned on, it “creates its own Wi-Fi network that the hopeful coffee drinker first connects to in order to set up the device.”
However, the coffee maker’s protocol — or the form it uses to transmit information between the app and the machine — has “hardly any encryption, authorization or authentication,” Hron said in the post.
The coffee maker also lacks any other form of security, so “anyone who has access to the network and is able to reach the IP address of the coffee maker can control it,” the post said.
However, in order to really take over the coffee maker to use it for “nefarious purposes,” Hron decided to try to change the machine’s firmware — which he was able to do.
At first, Hron said, he wanted to use the coffee maker to mine cryptocurrency, but the CPU was too slow.
He decided instead to make it a “ransomware machine” that would make the coffee maker ask for money.
“We created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping,” Hron wrote.
“We thought this would be enough to freak any user out and make it a very stressful experience,” he added. “The only thing the user can do at that point is unplug the coffee maker from the power socket.”
A minute-long video of the ransomware attack on the coffee maker was posted on YouTube on Friday.
Smarter did not immediately respond to Fox News’s request for comment, but the company did tell Forbes that it significantly upgraded the security for its devices in 2017.
“Smarter is committed to ensuring its smart kitchen range has the highest levels of security safeguards at its core, and all connected products sold since 2017 are certified to the UL 2900-2-2 Standard for Software Cybersecurity for Network-Connectable Devices,” the company said. “A very limited number of first-generation units had been sold in 2016 and although updates are no longer supported for these models, we do review any legacy claims on a per customer basis in order to provide continued customer care.”