Kaspersky Lab issued a report that warns users of the possible risks when facing with connected coffee machines and other wireless-enabled home devices.
The paradigm of the Internet of Things has dramatically enlarged our surface of attack, smart devices surrounding us are a privileged target for cyber criminals. What about your coffee machine? The coffee machines could become the entry point in your network, exactly as described in the past for smart kettles, hackers could hack them to gain access to violate your privacy.
Also in this case, the coffee machines could be controlled via a mobile app, you can have a steaming coffee by starting the device remotely. Clearly, the presence of a flaw could in the way the app exchange information with the coffee machine could open the doors to the hackers. The attackers could exploit the flaw to steal your WiFi password and sniff data in transit in your network.
Security experts at Kaspersky Lab issued a report that warns users of the possible risks when facing with connected coffee machines, and more in general, one of four wireless-enabled home devices analyzed by the experts.
The researchers analyzed four devices that are familiar to many users:
- a USB-dongle for video streaming (Google Chromecast);
- a smartphone-controlled IP camera;
- a smartphone-controlled coffee maker; and
- a home security system, also smartphone-controlled.
The experts discovered a number of vulnerabilities of varying severity, honestly some of them very difficult to exploit due to the necessary condition that must be satisfied to launch the hack.
In order to hack the coffee machines, the attackers would need to know exactly when the owner install them and be physically near the IoT device in a way to intercept the password. Clearly this scenario is not so easy to implement.
Kaspersky reported the security issued to the vendor of the coffee machines, which has acknowledged them and provided the experts with the following statement:
“Both user experience and security are extremely important to us and we continually strive to strike the right balance between the two. The actual risks associated with the vulnerabilities you mentioned during set-up are extremely low. In order to gain access, a hacker would have to be physically within the radius of the home network at the exact time of set-up, which is a window of only a few minutes. In other words, a hacker would have to specifically target a smart coffee maker user and be around at the exact point of set-up, which is extremely unlikely. Because of this, we do not believe the potential vulnerabilities justify the significant negative impacts it will have on user experience if we make the suggested changes. Though no definite plans to change our set-up procedure are in the works, we are constantly reevaluating and wouldn’t hesitate to make changes if risks become more significant. Should something change in the near future we will let you know.”
I partially agree with the above statement, anyway I remark the need to approach IoT paradigm with security by design.
To read the results of the tests executed on the other IoT devices give a look to the report.
(Security Affairs – Coffee machines, hacking)
Share On
