Archive for September 26th, 2020

The Internet of Stupid Things.

Saturday, September 26th, 2020

We have a coffee maker that allows you to make coffee the old-fashioned way by pressing a few buttons or via a mobile phone or tablet using an app. The maker operates with Wi-Fi and when unboxed you have to connect it to your network through a companion app on your mobile phone. When turned on for the first time, the coffee maker works in a local mode and it creates its own Wi-Fi network that the hopeful coffee drinker first connects to in order to set up the device.

The protocol that this device speaks has already been documented on the internet by several other researchers. As expected, it’s a simple binary protocol with hardly any encryption, authorization or authentication. Communication with machines takes place on TCP port 2081.

“hardly any encryption, authorization or authentication”. I bet you can guess what happens next. Yes! Hilarity ensues!

We used the unused memory space at the very end of the firmware to create the malicious code. By using the ARM assembler we created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping. We thought this would be enough to freak any user out and make it a very stressful experience. The only thing the user can do at that point is unplug the coffee maker from the power socket.

The write-up is much, much longer and more detailed: I’m just trying to hit the high points here.

Bonus:

Even if we were to contact the vendor, we would likely get no response. According to their website, this generation of coffee maker is no longer supported. So users should not expect a fix.

(Hattip: Hacker News on the Twitter.)

“What you gonna do when you get out of jail?…” part 180

Saturday, September 26th, 2020

This one had me at “Narrated by Burgess Meredith”. I think this is just called “Copper!” From Kennecott Copper, intended to promote their Bingham Mine.

Bonus: how could I pass this up? “They Make Zinc At Swansea”.

Swansea is a coastal city and county, officially known as the City and County of Swansea in Wales. During the 19th-century industrial heyday, Swansea was the key centre of the copper-smelting industry, earning the nickname Copperopolis. In 1876, the Swansea Vale works were the first smelter to be built in Britain primarily for the production of zinc metal.