Internet of Things
Monero-mining coffee makers preyed upon by ransomware
The average useful life of a refrigerator is 17 years. How long do you think the manufacturer will support its models with updates? We are surrounded by appliances that are increasingly integrating technology and integrating into the internet of things, but many of them are not prepared to face the threats posed by such a long product life.
We have seen the perfect example these days with some old coffee makers from the manufacturer Smarter. Don’t be fooled by that name, because their products have been plagued with security problems for a long time and this company doesn’t even warn that their old coffee makers are still vulnerable to mind-blowing cyberattacks that get them to mine Monero (albeit at a snail’s speed) and that allow you to control all the functions to turn that coffee machine into a machine “owned” by ransomware.
A demonic coffee pot, or almost
As noted in Ars Technica, Smarter already had problems in 2015 with some of its models of coffee machines and kettles. They managed to correct those problems in their new models, but they never registered it with a CVE (Common Vulnerabilities and Exposures) of their previous problems with those models that continue to work today in many homes.
Martin Hron , a cybersecurity expert who works for Avast wanted to demonstrate the danger of these appliances that last forever and that nobody patches. He took advantage of one of the old coffee machines to try to expose the problem and began to discover the spiral of carelessness committed by the manufacturer .
For example, for its start-up, the coffee machine connects to a WiFi access point with a non-secure connection and then it detected that firmware updates are also received through the phone and through a connection without encryption, without authentication and without signature. of code . That allowed him to modify the firmware after opening the coffee maker and detect which was the CPU that governed everything to adapt it to that chip.
The result: absolute control of the cafetar, which was even able to reschedule to mine the cryptocurrency Monero . The CPU speed (8 MHz) was ridiculous for this purpose, but it was just one example of everything you could do with a coffee maker that basically went “crazy” with a simple command and that it was only possible to stop by unplugging it from the power. .
As Hron himself explained, the long life of household appliances is a huge problem for the Internet of Things and those devices that last for many years at home and are already part of these systems:
“It is true that you can use them even if they do not receive more updates, but with the pace of the explosion of the IoT and the bad attitude towards support, we are creating an army of vulnerable and abandoned devices that can be misused for nefarious purposes like network breaches, data leaks, ransom attacks and DDoS. “