Watch a Hacked "Smart Coffeemaker" Spew Steaming Water

How much harm could a hacked coffeemaker do?

Bad Beans

About five years ago, the security firm Pen Test found numerous security problems with a line of smart coffee makers and kettles made by a startup called Smarter.

Now, in a humorous illustration of the perils of connected devices with poor security, a security researcher named Martin Hron attacked one of the company's coffee makers — and forced it to turn on its heating element, spew steaming water onto it, and even spin up the bean grinder while showing a ransomware message.

Wretched Roast

Hron, who works for security company Avast, told Ars Technica that he hacked the coffeemaker to see how far he could exploit the hardware, but also to warn consumers about the dangers of poorly secured smart devices.

"It was done to point out that this did happen and could happen to other IoT devices," he told Ars. "This is a good example of an out-of-the-box problem. You don't have to configure anything. Usually, the vendors don’t think about this."

Daily Grind

There's only limited harm that a coffee maker can do. But with connected gadgets like home security systems, vehicles or medical equipment, the risks could be vastly higher.

"Sure, you can still use it even if it’s not getting updates anymore, but with the pace of IoT explosion and bad attitude to support, we are creating an army of abandoned vulnerable devices that can be misused for nefarious purposes such as network breaches, data leaks, ransomware attack and DDoS," Hron wrote in a blog post about the hack.

READ MORE: When coffee makers are demanding a ransom, you know IoT is screwed [Ars Technica]

More on cybersecurity: FBI Reportedly Foils Russian Hack at Tesla Factory