- Avast antivirus engineers were able to assemble a potentially working Monero cryptocurrency miner from a coffee machine. Nevertheless, the capacity of the coffee maker is not enough for the process of mining cryptocurrency itself.
- There are more than 500 products from the segment of the Internet of Things, potentially vulnerable to hacking, according to Avast.
- Avast antivirus specialists hacked a “smart” coffee maker and turned it into a miner for the Monero cryptocurrency (XMR).
Avast antivirus software engineers were able to hack a smart coffee maker for cryptocurrency mining. Researcher Martin Chron announced this in the official blog of the company. According to him, the idea to hack into the coffee machine arose due to the hypothesis that the devices of the Internet of Things (IoT) have a weak level of protection.
As an experiment, the Smarter iKettle coffee maker was chosen, which allows you to remotely prepare coffee using a separate mobile application. Having studied the microcircuit of the “smart” coffee maker, the engineers came to the conclusion that it is not difficult to intercept network traffic when downloading the firmware for the coffee maker.
Later, experts found out that the firmware for the “smart” coffee maker is not downloaded directly from the Internet using an integrated module in the device itself, but through the user’s mobile application.
Rise of the coffee machines
By unzipping the application with the .apk extension, the engineers got access to all the files needed to connect to the coffee maker remotely. By rewriting the unused memory space at the end of the firmware, Avast specialists injected malicious code to mine the Monero cryptocurrency (XMR).
“Initially, we wanted to prove the fact that this device can mine cryptocurrency. Considering the processor and architecture, this is certainly doable, but at 8 MHz it makes no sense, since the produced value of such a miner will be negligible,” said Hron.
Then the experts decided to create a ransom machine out of the coffee maker with a ransom demand. When starting such a machine, the coffee maker constantly turned on the greenhouse, the heating element for supplying water, and also spun the coffee grinder, while displaying the ransom message.
Avast expressed concern about the low level of security of IoT devices. There are at least 500 “smart” coffee makers around the world today from this manufacturer, which still work with the factory settings. The vast majority of these machines are located in Europe.
As the analyst firm Zion Market Research reported, the blockchain industry for IoT will see steady growth in the coming years. According to the company, by 2025, technology spending could exceed $3 billion.