Telephones, televisions, cameras, weather boxes, dishwashers, washing machines, refrigerators, vacuum cleaners and coffee machines ... can be changed endlessly, because nowadays everything must be smart. On the one hand, it has many advantages, but on the other hand, it brings completely new risks that we did not even realize. Especially since the Internet of Things is full of unsecured devices just waiting for someone with the right skills to hack them and turn them into an extortion and money making machine. You don't believe? Then just look at this coffee machine that, after hacking, was asking for a ransom!
Fortunately, this time it was only about proving a certain theory, so Martin Hron, a security specialist at Avast, took care of the break-in into the PLN 1000 coffee machine, who wanted to show what home appliances can do in the right hands. - I was asked to prove the myth, let's call it the suspicion that the threat to IoT devices is not access to them through a weak router or Internet connection, but the device itself, which can be easily hijacked without taking over the network or router - we web guides best in a special post on his blog .
And it worked ... a week was enough for an inconspicuous coffee machine to become a ransomware tool. When the user tried to connect him to the home network, the heater of the coffee machine turned on, hot water started to pour from it, the bean grinder did not turn off, and the display showed a message demanding a ransom. The only thing that could be done about it was to turn off the completely useless coffee machine and buy a new one - as Hron emphasizes, this is not a single case, because you can also hack many other Internet of Things devices, because manufacturers do not think about user safety issues.
In this particular case, the point was that the machine acted as an access point and used an unsecured connection to operate as part of the accompanying smartphone application, because this is how users remotely commanded their equipment, and the same is true for many similar home devices. What's more, if the attacker tries his best, it is supposedly possible to infect other devices operating on the same network with one device, so just imagine the need to simultaneously replace the washing machine, refrigerator, dishwasher and many other appliances - in such a situation, paying the ransom does not seem so terrible right?