Avast researchers hacked a smart coffee maker “in all kinds of ways”. They even turned it into a ransomware tool and a gateway to a home network. The idea of this hacking project was to see how deep IoT vulnerabilities go, and as it turned out, they go pretty deep.
Researchers exploited a smart coffee maker to prove a point
Another recent Avast research showed that about 40% of the smart homes at the moment are vulnerable to remote hacks. A third of those devices are vulnerable because the software of at least one device in the smart home is outdated.
In their more recent endeavor, Avast once more proved that a single smart device can be used as a gateway to the entire home.
The researchers simply “exploited a common problem: like many smart devices, the coffee maker came with default settings and a Wi-Fi connection, so it worked right out of the box. No password was required to connect to the coffee maker over Wi-Fi, so it was easy to upload malicious code into the machine.”
And the coffee maker they used in the hacking experiment is the type that can be discovered in many homes and offices. Through exploiting its vulnerabilities, the team wanted to demonstrate “the potential hacking of a world of smart devices”.
The main problem is that the majority of smart devices are sold without a password to protect the Wi-Fi network. To add to the already existing risk, the owners of the devices also don’t apply a password, thus creating a big loophole – the Wi-Fi network is public and visible to anyone. Once that particular device is compromised, other devices in the smart home can be hacked as well. Even the entire network can be hacked, including computers and mobile devices that are connected to it.
That being said, the researchers “infiltrated the coffee maker via Wi-Fi, then set up malicious software updates that made the coffee maker do unexpected and potentially dangerous things”. They successfully made the burner overheat which could potentially lead to a fire. They also “made scalding water pour onto the burner”, and even made the coffee maker “send ransomware messages”.
What to do to secure your smart home
These are just some of the risks that can be triggered by a vulnerable smart device. To secure a smart home, there are several things its owner can do:
- Minimize Non-Critical Network Exposure – This is actually one of the simplest ways to minimize hacker attacks. This is also one of the easiest measures that device owners can implement. This policy mandates that all unused features and services that the user does not use should be switched off. If the device is a non-critical one (important services do not depend on it) it can also be switched off when not in use. A good firewall setup that prevents administrator access from external networks can protect against brute force attacks. Devices that serve important functions can be segmented into another zone from the primary work or home network.
- A Thorough Setup – Many intrusion attacks are carried by using two popular methods – brute force and dictionary attacks. They act against the authentication mechanisms of the appliances. System administrators can enforce a strong password policy and measures that defend against brute force attacks by adding intrusion detection systems. Using secure protocols is also a good idea – VPN and SSH with a proper security configuration.
- Security Updates – Not providing security updates to the owned appliances is probably one of the biggest problems that lead to intrusion attacks. It is important to perform regular updates, click to learn more.
- Implement Additional Security Measures – When IoT devices are used in a corporate or production environment there are several ways to strengthen the security. These include penetration testing, proactive network management and analysis methods.
You can find more useful tips in our articleSecurity Tips for Configuring IoT Devices.