Attack Vector: Smart Coffee Makers

Wednesday, November 11, 2015 @ 09:11 AM gHale

With the future relying on an increase in connectivity, devices employing Internet of Things-related technology still lack the proper security measures, a new report said.

In a continuing look at the Internet of Things (IoT), Kaspersky Lab researchers chose four random devices, which they analyzed for any security flaws. The results show the flaws in the devices that lead into “smart-homes.”

CCTV Cameras Form Botnet
IEI: Securing IIoT
Botnet Protects Against Malware
Botnet Strengthens Attack Capabilities

The first step in such kind of attacks can occur when utilizing a vulnerability in Google Chromecast devices that allows attackers to hijack the content shown on a smart TV.

This can be useful for displaying error messages that fool the user into believing he needs to change his Wi-Fi password or reset the local wireless router to factory default settings, which can easily end up used by attackers.

Kaspersky researchers also identified a smart coffee maker device that can expose the user’s Wi-Fi password.

Kaspersky declined to name the coffee machine’s make and model since the maker has not patched the vulnerability yet.

Capturing a user’s Wi-Fi password can grant criminals access to a person’s entire portfolio of IoT devices, since all work and use the home’s Wi-Fi network.

It may seem odd, but gaining access to the home via the coffee maker, an attacker could spy on the home’s owners and see when they leave their house, Kaspersky researchers said.

Criminals can do this by connecting to local IP cameras, if present, but also to baby monitor devices.

Once criminals know the house owner is not at home, they can leverage a fourth security issue discovered by Kaspersky’s staff in an unnamed home security system.

While the researchers found the home security system well protected against software attacks, the same was not true on the hardware side.

Apparently, there’s a way to trick contact and motion sensors employed by the system. Researchers found out by using a very powerful magnet, attackers could open doors and windows without triggering the alarm.

Additionally, since the motion detection sensors worked only with “warm” objects, putting on some clothes that hid the criminal’s body heat was enough to make the sensors stay quiet.