The Fresh Smell of ransomed coffee

[[correlate]]

Content source

https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/

Some research is so fun that it confirms why I do this work. I was asked to prove a myth, call it a suspicion, that the threat to IoT devices is not just to access them via a weak router or exposure to the internet, but that an IoT device itself is vulnerable and can be easily owned without owning the network or the router. I also bet that I could make that threat persist and present a true danger to any user. We often say that your home network, thought of as a chain of trust, is only as strong as its weakest link, but what if the same were true at the device level? What would that mean?

Let’s say you have an IoT device that is well protected with functions that can be accessed through a well-defined API; even if you can control the device through the API, you probably can’t do too much harm. Firmware, the programming inside the device has logical constraints that don’t allow you, for example, to close garage doors while someone is in the way of them or overheat a device so that it combusts.

We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without physically dismounting the device. But with today’s “smart” appliances, this is no longer the case.

The Fresh Smell of ransomed coffee - Avast Threat Labs

We turned a coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware. While we could, could someone else do it too?

decoded.avast.io

 

[Cortex]

I have quite a few IOT devices, I do however I do limit these devices when I can manage without a network connection, the last thing the makers of some IOT's care about is security - I feel many are just toys but can give a backdoor to other parts of your networked devices you really need.