Who would think appliance manufacturers would be great internet security software developers? Who expects appliance manufacturers to offer software updates for the expected life of the appliance? Not many people would likely answer these questions in the affirmative because, well, appliance manufacturers are largely not great at securing their internet-connected devices.
If these problems aren’t resolved and you aren’t capable of setting up firewalls to explicitly protect yourself from such attacks, you should probably stay away!
This article in Forbes shows that a coffee maker currently on the market was hacked in a week and was instructed to beep incessantly and then demand a ransom. This is just one cute example, but it is likely some appliances could be reprogrammed to relay your internet traffic to the bad guys and perhaps even implement a man-in-the-middle attack.
The Forbes article reports more on the issue:
“It may sound like a scenario from a techno-thriller film, but it’s not. Security researchers at Avast recently discovered flaws in a connected coffee maker that allowed them to hijack the device — and even force it to mine cryptocurrency.
In a detailed blog post, Avast’s Martin Hron explains that was really just to prove it was possible. The device’s process isn’t really powerful enough to make any significant contributions to a hacker’s cryptojacking campaign.
The researchers were, however, able to reverse engineer the coffee maker’s firmware and figure out how to take complete control over it. They could force the grinder to run and the warming plate to turn off and on. They could start a brew cycle.
They could also make it beep incessantly. Most importantly, Hron and his colleagues could completely lock an owner out of the appliance and demand a ransom payment. For maximum effect the ransom lock-down routine was wired to particular user action.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group