
New Ransomware: Smart Coffee Machine

According to third-quarter 2020 threat intelligence recently released by SonicWall security researchers, the number of attacks has increased by 30%, and the number of attacks has surged by 40%. Most IoT devices, including voice-enabled smart devices, doorbells, television cameras and electrical appliances, are not designed with security first; they are very vulnerable to attack and become entry points and “base areas” from which criminals carry out further attacks.

If the report figures are somewhat abstract, then the following coffee machine attack in reality may give you a more intuitive

The above video shows a smart coffee machine hacked by Avast reverse engineer Martin Hron. Not only does it emit a loud beep and spray hot water, it can also display a ransom message. The video makes it plain that a smart coffee machine can not only be hacked, but can also become a “foothold” for ransomware.

About ten years ago, when the concept of the Internet of Things (IoT) first attracted the world's attention, no coffee enthusiast would have thought that the coffee machine would become a connected device, let alone that, like smart speakers, smart doorbells, smart sockets and smart cameras, it would become a target for hackers.

That was until engineer Hron modified the firmware of a smart coffee machine and turned it into a nightmare for every enterprise: a ransomware machine.

From smart devices to ransomware machines

In simple terms, firmware is software that allows users to control electronic hardware. For historical reasons, firmware usually has no encryption or any other form of protection, which makes it vulnerable to attacks by malicious hackers and spy agencies.

Hron pointed out in a blog post about vulnerabilities in coffee machines: “There are vulnerabilities in firmware. My colleagues often hear me say that firmware is new software, and the software often has vulnerabilities.” The blog detailed how he hacked into the smart coffee machine: “The weak state of security is largely due to people starting to plug processors into IoT devices. This is not only cheap, but also has an important feature: it can be updated.”

In fact, as early as June 2019, Hron successfully hacked a coffee machine and transformed it into a ransomware machine. Not only that, Hron also showed a more terrifying “prospect”. Hackers can also use smart devices as gateways and springboards to enter private networks as they please. Examples include monitoring every device on the network where the coffee machine is located, eavesdropping on communications between users, downloading sensitive data, and uploading malware (ransomware).

A multinational giant was blackmailed by a coffee machine for 10 million US dollars. This is not a fantasy, but a threat that any company today may face at any time.

A real case

A Reddit user with the pseudonym C10H15N1 witnessed a ransomware attack carried out through a smart coffee machine.

Three years ago, he revealed the incident in a forum post. At that time, the operator of a local factory’s control system reported that all four computers running the monitoring software were down and displaying a ransomware message. As a programmable logic controller (PLC) expert, C10H15N1 assisted the operator in finding the problem and trying to restore the system. According to the operator’s description, the computers infected with the ransomware (still running the old Windows XP) were not connected to the Internet, so the infection path could not be determined at first.

C10H15N1 then instructed the operator to restart the computers and reinstall a new operating system image. After working for a while, however, the systems crashed one after another and started to display the same blackmail message again, which left C10H15N1 at a loss. While the source of the infection was being investigated, the operator went to get a coffee but came back empty-handed, because the coffee machine had also “frozen” and the same ransomware message appeared on its display.

In the end, although there were no injuries to personnel (burns) or financial losses during the entire attack, this was the first time that a ransomware attack was successfully carried out on an industrial control system through a smart coffee machine. The attack also exposed problems beyond security awareness and security management. For example, smart coffee machines are usually connected only to a separate WiFi network, but the third-party personnel who installed the smart water filter had actually connected the coffee machine to the control room network with a network cable.

Don’t lead wolves into the house

The case introduced in this article proves that ransomware is no longer merely theoretical but a terrible, real threat (although rare), yet today’s enterprises and consumers have not paid enough attention to it.

Today, with ransomware rampant and remote work becoming the norm, home networks, the intersection of corporate and personal data security threats, face great threats. Here are some of our suggestions for preventing ransomware:

  • Be sure not to connect smart devices (smart coffee machines, sweeping robots, smart doorbells, etc.) to networks containing sensitive information or communications, including corporate and home networks;
  • For corporate management and key employees, the home network must be segmented. It is recommended that home users create a dedicated “guest” network for smart devices, and in particular that smart devices do not share a network with a PC or NAS;
  • Update the firmware of your smart device as soon as possible;
  • Strengthen the security of network equipment. Do not use the router’s default password; set a strong password;
  • If you do not have clear functional requirements and sufficient security awareness and knowledge, please be cautious when purchasing smart devices that can connect to the Internet.
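
One way to check the first two recommendations against a device inventory, shown as an added example that is not part of the original article: it flags smart devices sitting on a sensitive segment (the coffee machine wired into the control room network) and PCs or NAS units sharing the smart-device segment. The segment names, subnets, device names and addresses are all constructed assumptions.

```python
import ipaddress

# Constructed network plan (assumption): which subnets hold sensitive systems
# and which one is the dedicated "guest" segment for smart devices.
SEGMENTS = {
    "control-room": {"cidr": "10.10.1.0/24", "sensitive": True},
    "office":       {"cidr": "10.10.2.0/24", "sensitive": True},
    "iot-guest":    {"cidr": "192.168.50.0/24", "sensitive": False},
}

# Constructed inventory, e.g. exported from DHCP leases or an asset database.
INVENTORY = [
    {"name": "hmi-station-1",  "ip": "10.10.1.11",    "kind": "workstation"},
    {"name": "coffee-machine", "ip": "10.10.1.57",    "kind": "smart-device"},
    {"name": "nas-01",         "ip": "10.10.2.20",    "kind": "nas"},
    {"name": "doorbell",       "ip": "192.168.50.8",  "kind": "smart-device"},
    {"name": "robot-vacuum",   "ip": "172.16.9.4",    "kind": "smart-device"},
    {"name": "family-pc",      "ip": "192.168.50.30", "kind": "workstation"},
]

def segment_of(ip):
    """Return the name of the planned segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, seg in SEGMENTS.items():
        if addr in ipaddress.ip_network(seg["cidr"]):
            return name
    return None

def audit(inventory):
    """Return (device, issue) pairs for every placement that breaks the plan."""
    findings = []
    for dev in inventory:
        seg = segment_of(dev["ip"])
        smart = dev["kind"] == "smart-device"
        if seg is None:
            # Address outside every planned subnet: nobody decided where it lives.
            findings.append((dev["name"], "unknown-segment"))
        elif smart and SEGMENTS[seg]["sensitive"]:
            # Smart device on a network carrying sensitive systems or data.
            findings.append((dev["name"], f"smart-device-on-{seg}"))
        elif not smart and not SEGMENTS[seg]["sensitive"]:
            # PC or NAS sharing the smart-device segment.
            findings.append((dev["name"], f"{dev['kind']}-on-{seg}"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(INVENTORY):
        print(f"{name}: {issue}")
```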