Ransomware drives the coffee machine crazy

Ransomware drives the coffee machine crazy
What if the coffee machine goes crazy, just like in a B horror movie? It is not fantasy, but a concrete hypothesis, according to what was demonstrated by Martin Hron, researcher Avast. A possibility not to be ruled out when home devices, smart home devices and the Internet of Things, are also connected to the home network or sometimes to the Internet.

Coffee machine and ransomware, a warning for the IoT

The result of the experiment is the one visible in the video below: through a method explained in every detail on the Ars Technica pages (link at the end of the article) he managed to install malicious code in the model sheet Smarter iKettle that allows the device to interface with the smartphone so as to allow the user to find the coffee ready when he gets up in the morning or as soon as he arrives home. By simulating a fictitious firmware update it loaded what can be likened to ransomware making the device completely out of control and unusable. The only thing to do is to disconnect the power.



Obviously no ransom request has been made, but the concept is clear: the security measures implemented in the connected devices that many of us now have in the house are not enough. Manufacturers often underestimate the risk, do not employ cryptography or other security systems to protect the information transmitted, which potentially shows the side of abuse.

If there are no serious consequences in this case, we have recently seen how the scourge of ransomware is in certain circumstances capable of crushing lives. Consider if, instead of a coffee machine, a similar vulnerability was found, for example, in a smart oven, in a thermostat for temperature regulation or in a sensor for detecting fumes and CO. A problem that must be taken into account.

Source: Ars Technica

No comments:

Powered by Blogger.