back to article Trouble brewing as iThing coffee machine seems to be hackable

The same team of security researchers who discovered that the Wi-Fi iKettle from Smarter blurted out wireless network credentials have found cause for concern over a Wi-Fi Coffee Machine, and iKettle 2.0, from the same manufacturer. Hacking the Wi-Fi IoT Coffee Machine Pen Test Partners mapped and hacked insecure connected …

Anonymous Coward

Pot, kettle ..

.. oh, wait.

Maybe it's just me, but I really can't see the point of hooking up a kettle to the Net.

14
0
Silver badge

Re: Pot, kettle ..

It's not for you - it's for the cubicle dwellers who now are told 'It's not ready yet! back in yer seat!' by supervisors.

8
0
Anonymous Coward

Re: Pot, kettle ..

It's been done before (sort of) - Trojan Room coffee pot cam...

5
0
Anonymous Coward

Re: but I really can't see the point of hooking up a kettle to the Net.

Whereas I can't wait to pay my electricity bill whilst in the middle of enacting a famous historical battle with my local historical society. We really live in a golden age!!!

1
0
Silver badge

Re: Pot, kettle ..

"...I really can't see the point of hooking up a kettle to the Net."

What do you expect?

Idiots make these things and other idiots buy them.

Avoid.

5
0
Silver badge

Re: Pot, kettle ..

"Idiots make these things and other idiots buy them."

Second part right, first part wrong. If you know you're selling to idiots it's common sense to put as little effort as possible into making the thing. Why do more work if it doesn't improve sales?

4
0
Silver badge

Re: Pot, kettle ..

"Maybe it's just me"

Somehow, I don't think it's just you.

* looks at other replies.

It's definitely not just you.

2
0
Silver badge

Re: Pot, kettle ..

It's been done before (sort of) - Trojan Room coffee pot cam...

Is what you're referring too.

I had the pleasure of meeting the chap responsible for creating that early webcam system. He was a very pleasant and humble man.

1
0

I honestly don't need to save time here

I know it's supposed to be a selling point, but I kind of like standing around waiting for coffee to brew. It gets me away from my desk and gives me 5 minutes to hang around the kitchen, where I might meet some interesting people and engage in mild banter or cod philosophy.

12
0
Anonymous Coward

Re: I honestly don't need to save time here

In that context it could be suggested that the purchase of such a kettle is a hint from your coworkers to stop lurking in aforementioned kitchen

:)

5
0
Anonymous Coward

Re: I honestly don't need to save time here

" It gets me away from my desk and gives me 5 minutes to hang around the kitchen, [...]"

We once were on a project on a customer site in Sweden. Our local company kindly provided us with a coffee filter machine and the requisite ingredients - as that was a free perk in their main office.

We found ourselves overdosing on caffeine - because we drank coffee when what we really needed was a break. The long walk to the customer's "brewed while you wait" vending machine supplied us with the chance to stretch our legs - and to get our minds out of "tramline" mode when thinking about a problem.

The same thing happened in the UK. Our company installed new drinks vending machines in every area of every floor. Their idea was to improve the security access of those areas to only the relevant staff. It was also deemed to reduce the time people spent queuing and chatting at the previous few centralised machines. The result was departments became silos - cohesiveness and idea cross-pollination were weakened.

7
0

Kettle user

As a low-security kettle user, I take suggestions from all over, alter the water levels accordingly, am alerted to the water temperature by a kind of bubbly sound followed by a click, and my only open port is used for drinking said tea ;-)

9
0

Re: Kettle user

Beautifully put, I completely agree.

There is also a wifi enabled dustbin. WTF!

0
0
Silver badge

Re: Kettle user

That's a rather high security kettle, actually. Only local console access, although there's no password on that.

2
0
TRT
Silver badge

Re: Kettle user

Does it have embedded Java?

9
0
Flame

Re: Kettle user

My kettle is connected via a remote controlled switch, I fill it the night before, turn it on (& the RC switch off).

Alarm goes off, hand emerges from the duvet then gropes finds the bedside remote control, get up 5 minutes later & make the tea. This is especially important when its -30C outside the house.

My cellphone is purposely left downstairs to charge overnight - Sadly that's about to change with the advent of 24/7 365 day support model.

0
0
Silver badge

Re: Kettle user

get up 5 minutes later & make the tea.

You want a Teasmade, you do.

1
0
Silver badge

Re: Kettle user

Every teasmaid should come with a helmet to protect the sleeping person from hot water splatter. There was a reason why they fell out of favour. (and arguably flavour!)

1
0
Silver badge

Re: Kettle user

Wow, didn't realise it was as early as this...

"On 17 December 1891, Samuel Rowbottom, of 82 Abbey Road, Derby, applied for a patent for his Automatic Tea Making Apparatus, the patent being granted in 1892. It used a clockwork alarm clock, a gas ring and pilot light."

https://en.wikipedia.org/wiki/Teasmade

1
0

Re: Kettle user

& the piddly small cups.

I need half a pint minimum to start the day in a good mood..

1
0
Silver badge

Re: Kettle user

It is not mandatory to use the cups provided with the Teasmade; the pot itself can well hold half a pint of brown joy so you just need an appropriately-sized mug.

BTW, I have, for a long time, used a simple timer switch and a coffee maker in lieu of a conventional alarm clock.

0
0
Facepalm

Re: Kettle user

@ Mark York 3...WTF?

"Alarm goes off, hand emerges from the duvet then gropes finds the bedside remote control, get up 5 minutes later & make the tea. This is especially important when its -30C outside the house."

You know...moving the kettle INSIDE your house, and off of the porch, in the Winter might be a good solution. Chances are the temperature inside your house isn't -30C.

5
0
Anonymous Coward

Re: Kettle user

Impacted ;)

0
0
Silver badge

Re: Kettle user

@Stoneshop - But it does have a facial recognition function that can be enabled.

0
0
Facepalm

Must be a...

...hipster thing...

0
0
Silver badge

Presumably all this wifi enabled stuff, routers, kettles, webcams or whatever, has to have FCC, UL & a stack of other approvals. That provides a chance to introduce a very simple rule. When first installed factory settings only make provision for setup. Only when it's been configured to at least some degree of security does it start to route, boil water, show pictures or whatever.

2
0

Only when it's been configured to at least some degree of security does it start to root, boil water, show pictures or whatever.

Fixed.

0
0
Silver badge
Boffin

Bogus firmware updates?

Maybe as simple as changing the DNS server used, then making firmware.ithing.com point to the malware?

1
0
Silver badge

So how long...

before we have an iHammerDrill getting pwned and used to mine Bitcoins?

0
0

Do NOT want

I simply can't see the point in ANY household appliance being 'connected'. You have to get off your lazy, fat arse in any case, to either put stuff (eg water, clothes, food) in and to take stuff (eg hot water, clean clothes, food) out again.

I kind of get a fridge/freezer/larder that can tell me what I need to order (or possibly passing the order direct to the supermarket of my choice) but we are nowhere near that level of maturity yet.

I kind of get a central heating system I can control from my mobile phone when I am out but the advantages/savings are outweighed tenfold by the cost of the gear.

I say stop now before it all ends in tears.

4
0

Re: Do NOT want

"I kind of get a central heating system I can control from my mobile phone when I am out but the advantages/savings are outweighed tenfold by the cost of the gear."

If you mean the Nest/Hive "Smart" controllers I ask how often do you adjust your non smart timer/thermostat?

The Evohome type system is much more controllable and much more expensive, but has the potential of far greater savings.

0
0
Silver badge
Flame

Re: Do NOT want

I kind of get a fridge/freezer/larder that can tell me what I need to order (or possibly passing the order direct to the supermarket of my choice) but we are nowhere near that level of maturity yet

What I want my freezer and fridge to do is notify me in case of their temperature being out of bounds. No more, no less.

If it's going to be able to order it also needs to know not just what I want to eat as well as have in stock, but also that I'm going to have guests tomorrow, one of which has special dietary requirements. Which means there needs to be an non-clunky* interface to allow setting those options; if I have to go to the supermarket anyway to get the additional stuff because the fridge doesn't cater to that, it might as well not bother in the first place.

A remotely-controllable room thermostat shouldn't need to cost more than EUR.100 over a model with similar smarts without the remote control option, as long as it's just that: being able to receive a signal that says "I want the temperature to be $preset(comfortable) instead of $preset(low) in half an hour". No freely-settable temp, no reporting back, or anything else the 'developers' might think is a neat option that invariably introduces security holes and a dependency on external systems.

* plus a pony, and world peace.

2
0
Silver badge

Re: Do NOT want

"No freely-settable temp, no reporting back, or anything else the 'developers' might think is a neat option that invariably introduces security holes and a dependency on external systems."

Hammer, meet nail. Pretty much *every* IoT device I've seen so far seems to want to connect to the suppliers servers so that *you* can control *your* device via some crap app. WTF is that about if it's not just slurping data for the sake of being able to slurp data?

0
0
FAIL

Re: Do NOT want

I have seen NEST working and it is quite clever in the way it controls the central heating. However, my IT and security part of my brain melted when it showed quite clearly in the web-page, the hours that the house was uninhabited and the general movements of the individual in the house. Best time to burgle the place would be Tuesday between 10:00 and 16:00. Save a few pennies on your heating and increase your contents insurance in subsequent years. Err!

0
0

That's totally unnatural. Coffee before IT is the natural order of things. IT before coffee is just wrong.

3
0

Fule under "Well duh"

Enamored with the technology and not the end product. This is what always happens.

0
0
Coffee/keyboard

But does it conform to standards ?

The Hyper Text Coffee Pot Control Protocol has been around for years...

I wonder if it conforms ?

https://www.ietf.org/rfc/rfc2324.txt

3
0
Pirate

hackable coffeepot

$brew =~ s/morningblend/decaf/; # cut productivity at the knees. the terrorists have won

4
0
Silver badge

No! No! No!

David Lawrence wrote: I simply can't see the point in ANY household appliance being 'connected'. You have to get off your lazy, fat arse in any case... which brings me to the certain horror of the toilet joining the IoT. I do not want anyone else to know how long I spend there, what I do, how much paper I use, details of the sound effects, what I thought about and so on, including an assessment of how much enjoyment I derived from the experience, not least because of the difficulty of coverting a rather subjective rating into a figure someone can log.

Oh and whether I left the seat up or down; definitely not that one.

2
0

Re: No! No! No!

...someone can log

I see what you did there.

4
0
Silver badge

Re: No! No! No!

"which brings me to the certain horror of the toilet joining the IoT."

Considering the array of "extras" available on some Japanese bogs, I have no doubt there is available already at least one internet connected bog which analyses your logs and send off the results to your doctor.

1
0

@internetofshit - they should know about this!

0
0

"@internetofshit - they should know about this!"

Old news. The working name was Web 2.0.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018