Did you know your pleasant coffee cup can be cruelly hijacked to mine Monero (XMR) or to ask you for a ransom in another cryptocurrency? Well, that is if you have a “smart” coffee machine, which basically means the machine has access to the Internet.
We have a disappointing fact today. Internet of Things (IoT) devices, aka everyday objects (like fridges, lightbulbs, locks… and coffee machines) with the capacity to connect to the Internet, aren’t exactly at the top of cybersecurity. During just six months of 2019, the cybersecurity firm Kaspersky Lab detected 105 million attacks on this kind of device.
Now Martin Hron, senior researcher at Avast, has discovered that any simple hacker can remotely take full control of a smart coffee machine. So, one day you might think you have ghosts in the house, because the coffee machine would be acting demonic and possessed, spitting boiled water and showing weird emoticons on the flickering screen.
However, a threatening announcement would soon appear on the screen, demanding a cryptocurrency ransom to recover control of your coffee or blatantly indicating that the thing is mining Monero.
This means you won’t have any chance of getting your coffee from it, and you’ll have a total mess in your kitchen instead. It’d be necessary to pull the plug for the foreseeable future… or pay the ransom in cryptocurrency. But would you?
Is this serious?
Fortunately, the entire coffee machine hack was carried out by Hron himself, to prove the so-called myth that “the threat to IoT devices is not just to access them via a weak router or exposure to the Internet, but that an IoT device itself is vulnerable and can be easily owned without owning the network or the router”.
And that’s exactly what he did with a Smarter coffee machine. Make no mistake: “Smarter” is the brand (and apparently it isn’t that smart). Hron connected to the machine via non-secure WiFi, retrieved the vulnerable firmware (the internal system of the machine), and modified it to do… anything he wanted.
That includes driving the thing crazy, remotely asking for a ransom, and even mining Monero at a very low speed. But that doesn’t mean a bad hacker wouldn’t bother: there’s a thing called a “botnet”, where the trick is to hijack as many devices as possible for different purposes, including cryptocurrency mining.
So, yes, your “smart” devices might be at risk. The best thing you can do about it is to check the firmware yourself with the help of an expert, or turn to some vintage, offline household appliances. These security issues might change in the future with the use of some blockchain technology to improve the devices, but that’s another story.
Featured image by Monero How
Originally published at https://blog.alfa.cash on October 2, 2020.