
Researcher Creates Ransomware Attack That Can Target Smart Coffee Makers

Ransomware | BCyber | October 18, 2020


A researcher has shown how a ransomware attack can target a coffee maker independently.

Ransomware Attack On Coffee Maker

Martin Hron, a security researcher from Avast, has explained how smart coffee makers can make your life hell. He found that an adversary can wage a ransomware attack on a coffee maker. Eventually, the victim would have to either pay the ransom as instructed or disconnect and dump the machine for good.

Sharing the details in a post, Hron revealed the attack strategy. In brief, he observed that the machine, when first connected with the companion app, creates its own WiFi network. This allows the user to connect any other device of the same vendor to the network.

When we downloaded the companion app, we saw that it allows you to create a network of any devices of this particular vendor and connects these devices to the home network and then allows you to control all the functions of your coffee maker or smart kettle. It also allows you to check the firmware version of the device and update it if needed.

While this sounds okay, the problem lies in that the entire connection is unencrypted. Hence, anyone can connect to the network and control the coffee maker.

He reverse-engineered the app firmware and found no encryption. He also analyzed the hardware to identify the WiFi modem and CPU.

While the hardware proved the machine useless for cryptomining, he could devise a ransomware attack for the machine.

Targeting The Machine With Ransomware

The researcher modified the firmware and aimed at the command that connects the machine to the network. Thus, whenever a user connects the machine to the network, the ransomware runs.

Describing the attack strategy, Hron stated in the post,

"We used the unused memory space at the very end of the firmware to create the malicious code. By using the ARM assembler we created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping. We thought this would be enough to freak any user out and make it a very stressful experience. The only thing the user can do at that point is unplug the coffee maker from the power socket."

He has also shared a video demonstrating the attack.
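A defensive counterpart to the technique quoted above, as an added example that is not from the original article or from Hron's research: it compares a firmware image against a known-good copy and flags any changes that land in the unused fill area at the end of the image. The fill byte values, function names, and both sample images are assumptions constructed for illustration, and it presumes a trusted reference image is available.

```python
import hashlib

PAD = (0xFF, 0x00)  # assumption: fill values used for unused flash space

def trailing_padding_start(image):
    # Offset where the final run of a single repeated fill byte begins.
    if not image or image[-1] not in PAD:
        return len(image)
    fill, i = image[-1], len(image)
    while i > 0 and image[i - 1] == fill:
        i -= 1
    return i

def changed_regions(baseline, candidate, gap=8):
    # (offset, length) runs where candidate differs; runs closer than `gap` merge.
    regions, start, last = [], None, None
    n = min(len(baseline), len(candidate))
    for off in range(n):
        if baseline[off] != candidate[off]:
            if start is None:
                start = off
            elif off - last > gap:
                regions.append((start, last - start + 1))
                start = off
            last = off
    if start is not None:
        regions.append((start, last - start + 1))
    if len(candidate) != len(baseline):  # a size change is itself a finding
        regions.append((n, abs(len(candidate) - len(baseline))))
    return regions

def audit(baseline, candidate, expected_sha256):
    pad_start = trailing_padding_start(baseline)
    regions = changed_regions(baseline, candidate)
    return {
        "digest_ok": hashlib.sha256(candidate).hexdigest() == expected_sha256,
        "padding_start": pad_start,
        "changed": regions,
        # Writes into space the vendor image left unused deserve the closest look.
        "in_padding": [r for r in regions if r[0] + r[1] > pad_start],
    }

# Constructed sample: 64 bytes standing in for code, then 32 bytes of 0xFF fill.
GOOD = bytes(range(64)) + b"\xff" * 32
# Constructed tampered copy: 4 bytes patched in the code, 12 bytes written into the fill.
BAD = GOOD[:16] + b"\xaa\xbb\xcc\xdd" + GOOD[20:70] + b"\x01" * 12 + GOOD[82:]
GOOD_SHA256 = hashlib.sha256(GOOD).hexdigest()

if __name__ == "__main__":
    print(audit(GOOD, BAD, GOOD_SHA256))
```

A digest mismatch alone shows the image was altered; the region report shows where, which separates a small patch in existing code from new content written into previously empty space.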

What About The Fix?

Unfortunately, the users of this coffee maker have no way to protect themselves. It’s because the specific model used in this study has reached its end of life support.

However, this isn’t the case with other models by the same vendor that still receive firmware updates.

Yet, given that vendors never support any devices for decades, and given the architecture of IoT, such threats always exist for the average user. According to Hron,

"We live in a world where things talk to things, and where the number of smart things is slowly outnumbering the number of computers. These devices, for the most part, have no screen and can therefore mask malicious activities running in the background from their owners."

Seems the non-smart coffee makers were better for us, what do you think? Let us know via the comments section.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]


This content was originally published here.

Written by: BCyber
