The fresh smell of ransomed coffee - altering not so smart devices presented at BSidesNova 2019

by Martin Hron

Summary: Let's have a look at how breaking best security practices in smart devices can potentially lead to serious consequences. This talk presents a case of a coffee maker where replacing the firmware can be done remotely without the user's interaction. The point here is that these devices could easily be turned into a hidden spy, slowly exfiltrating data out of your perimeter, or into a tool of extortion. Although this talk is on a funny note, the message is clear: if we don't address security in IoT, then we are facing a big problem in the future. Come and join me on this journey where S stands for insecurity in IoT.

- How this has begun
- How the coffee maker works out of the box, analyzing the protocol
- Companion application and firmware update
- Reversing
  - getting the firmware image
  - reversing control application
  - reversing and documenting the firmware step-by-step
- Planning the attack
  - creating a modified version of firmware
  - discussing various possible attack vectors
  - demo
- Conclusion
  - future work
  - a release of source code and a full paper