This isn’t the first time we blogged about coffee machines. And it will probably not be the last time either. But to celebrate the kickoff of the National Cyber Security Awareness Month (NCSAM) in October we wanted to start with something offbeat.
This blog caught our eye: The Fresh Smell of ransomed coffee by Martin Hron, a senior researcher with security vendor Avast. He managed to hack a ‘smart‘ coffee machine, as it acted as a Wi-Fi access point, which establishes an unencrypted, unsecured connection to a mobile companion app. By reverse engineering the firmware update mechanism employed, he managed to produce an actual ransomware attack. Yes, you have read that right.
At first, Hron turned the device into a cryptocurrency miner. This was possible, but would be rather ineffective given the limited speed of the CPU’s processing power. Unless you had an army of coffee machines all around the world, mining precious coins for you.
But after some tinkering, he took it to quite another direction. He rendered the machine unusable by causing a constant stream of noisy malfunctions, hot water dispensing, bleeping sounds and bean grinding that could only be stopped by paying a ransom or permanently pulling out the plug of the machine. You can check out a video of this coffee machine madness to see it for yourself.
Dangers of IoT Devices
Now, we understand that this experiment poses little real life threat to your network. But it does serve as a reminder what dangers the brave new world of IoT devices can cause, as these ‘smart’ devices are starting to pop up more and more in company environments.
Martin Hron himself raises these important points:
We live in a world where things talk to things, and where the number of smart things is slowly outnumbering the number of computers. These devices, for the most part, have no screen and can therefore mask malicious activities running in the background from their owners.
Unfortunately, many vendors make firmware attacks more viable by just leaving security behind and making it wide open to attackers. For cybercriminals this opens and the whole new world of attack surfaces to abuse. It may not be that easy to write and replace firmware, but the advantages of stealthiness and persistence you can achieve are just so tempting.
We are creating an army of abandoned vulnerable devices that can be misused for nefarious purposes such as network breaches, data leaks, ransomware attack and DDoS.
Now, we wouldn’t be Lansweeper if we didn’t have a way to scan this. After all, a ‘smart’ coffee machine could be scanned just as any another connected device in a network. So you can keep track of these devices by scanning for networked devices such as ’smart‘ coffee machines that use SNMP or any other protocol that Lansweeper can scan. You could even throw in our Custom OID scanning to really get the specific details of these networked devices.
Not saying that it should be a top priority on your cybersecurity checklist to meticulously scan your network for rogue coffee machines, but in theory you could do it with Lansweeper, and that’s the point.