Boiling water, beeps and error messages: how a hacker can hijack a smart coffee maker

• Security: SER and Everis, victims of a cyber attack that has 'hijacked' their computers

• Security.How can a computer attack like the one at the Torrejón Hospital be avoided?

Not everything is going to be hospitals, the media, consulting firms or strategic sectors;

hackers can also set more modest goals when it comes to 'hijacking' devices for ransom.

, an analyst at security company Avast, has shown that the Internet of Things can be harnessed to attack something as simple as a smart coffee maker.

The victim was a multi-year-old Smarter coffee maker with an Android application and the ability to connect to the Internet to receive orders from the phone.

Being an old model, it no longer received support from its manufacturer and this was one of the keys;

other newer coffee makers couldn't be 'hacked' so easily.

As Hron explains in a blog post, they discovered that the coffeemaker was sending and receiving unencrypted information.

This might seem trivial - what compromised data is a coffee machine going to save beyond whether we prefer the cut or the American one? - but it is what allowed in its tests to gain control of the appliance.

When you plug in the Smarter coffee machine, it becomes a WiFi access point that uses

to communicate with the phone, from which it can then be connected to the Internet.

As if that were not enough, the application stored the most current version of the firmware and when they opened the coffee maker itself, they identified its processor, so they learned how it worked with reverse engineering.

Thus, once they knew how it was communicated, they were able to find out several information that would be important: that the firmware update was done directly from the application and that it was possible to organize an attack to take control of it, either with a fake app (it would require a

attack

to trick the user into downloading the malicious program) or simply with the help of a person who touched the physical button that triggered the update, either with malicious intent or deceived.

In other scenarios this step was not even necessary.

At first the idea was to use the coffee maker to

;

feasible, but unhelpful: it would take an army worthy of Starbucks to be profitable.

And that's when they decided to take control of the appliance.

After updating the firmware, they could make the Maker machine start grinding coffee, expel

, beep, and display an ominous message announcing that it had been hijacked and giving the address of a web page where instructions for paying for the

coffee

would be found. rescue.

Whoever refused to negotiate would only have one solution: unplug (and, predictably, go to Colacao).

Software, hardware and firmware

In this sense, it is convenient to understand the differences between software, hardware and firmware.

Broadly speaking, hardware would be the physical pieces of a device and software, the programs that make it work.

Thus, in a computer, the first term would correspond to RAM, hard disk or processor, while the second would be the operating system or programs and applications.

In the case of household appliances there is a big problem with the components and that is that if one part does not work it is necessary to change the entire component.

This is where the firmware comes in: a small processor that acts as a coach and directs the entire team to keep everything running smoothly.

If a player is injured or is not performing as expected, you can

and try to fix everything without even needing to be near the product;

in this case, a coffee maker.

This makes it possible, for example, to add new functions or correct errors remotely.

The terminal connects to the Internet, either by itself or through an application on a phone, updates itself and 'learns' new tricks.

The problem is that, as Hron explains, the security of a network is only

.

Obviously, the attack is not as dangerous or have such significant repercussions as blocking hospital computers.

However, the little corner of chaos in which an appliance whistles, grinds coffee and spits boiling water reminds us of the dangers of connected devices, their obsolescence (when it comes to upgrades; the fridge will keep cooling) and the relevance of security in the internet of things.

The real problem, therefore, is that they become a door without a lock, that weak link in the chain, since they can serve as an entrance to our network: although it seems impossible, there are not so many steps that separate a coffee maker from the router .

The useful life of an appliance can exceed a decade and there comes a time when the manufacturer may not find it profitable to continue updating the firmware of these products, as they must focus on the newest.

It can also happen that the company itself disappears while its devices continue to work.

And then either pay the ransom or you won't get toast for breakfast.

According to the criteria of The Trust Project

Know more

• Internet

PresentationGalaxy Z Fold 2, Samsung's most unique and futuristic mobile

Technology Toonify, the website that turns your photos into Pixar characters

GadgetsPhilips incorporates AI into its new OLED + 935 TV and launches new noise-canceling headphones

See links of interest

• Last News

• TV programming

• English translator

• Work calendar

• Daily horoscope

• Movies TV

• Topics

• Live: Mackenzie McDonald - Rafa Nadal

• Huesca - Atlético de Madrid, live

• Villarreal - Alaves

• Eibar - Elche

• Real Madrid - Valladolid, live