Trouble brewing as iThing coffee machine seems to be hackable

The same team of security researchers who discovered that the Wi-Fi iKettle from Smarter blurted out wireless network credentials have found cause for concern over a Wi-Fi Coffee Machine, and iKettle 2.0, from the same manufacturer. Hacking the Wi-Fi IoT Coffee Machine Pen Test Partners mapped and hacked insecure connected …

  1. Anonymous Coward

    Pot, kettle ..

    .. oh, wait.

    Maybe it's just me, but I really can't see the point of hooking up a kettle to the Net.

    1. Elmer Phud

      Re: Pot, kettle ..

      It's not for you - it's for the cubicle dwellers who now are told 'It's not ready yet! back in yer seat!' by supervisors.

    2. Anonymous Coward

      Re: Pot, kettle ..

      It's been done before (sort of) - Trojan Room coffee pot cam...

      1. nematoad

        Re: Pot, kettle ..

        "...I really can't see the point of hooking up a kettle to the Net."

        What do you expect?

        Idiots make these things and other idiots buy them.

        Avoid.

        1. Doctor Syntax Silver badge

          Re: Pot, kettle ..

          "Idiots make these things and other idiots buy them."

          Second part right, first part wrong. If you know you're selling to idiots it's common sense to put as little effort as possible into making the thing. Why do more work if it doesn't improve sales?

      2. A Non e-mouse Silver badge

        Re: Pot, kettle ..

        It's been done before (sort of) - Trojan Room coffee pot cam...

        Is what you're referring to.

        I had the pleasure of meeting the chap responsible for creating that early webcam system. He was a very pleasant and humble man.

    3. Anonymous Coward

      Re: but I really can't see the point of hooking up a kettle to the Net.

      Whereas I can't wait to pay my electricity bill whilst in the middle of enacting a famous historical battle with my local historical society. We really live in a golden age!!!

    4. VinceH

      Re: Pot, kettle ..

      "Maybe it's just me"

      Somehow, I don't think it's just you.

      * looks at other replies.

      It's definitely not just you.

  2. Anonymous Coward

    I honestly don't need to save time here

    I know it's supposed to be a selling point, but I kind of like standing around waiting for coffee to brew. It gets me away from my desk and gives me 5 minutes to hang around the kitchen, where I might meet some interesting people and engage in mild banter or cod philosophy.

    1. Anonymous Coward

      Re: I honestly don't need to save time here

      In that context it could be suggested that the purchase of such a kettle is a hint from your coworkers to stop lurking in aforementioned kitchen

      :)

    2. Anonymous Coward

      Re: I honestly don't need to save time here

      " It gets me away from my desk and gives me 5 minutes to hang around the kitchen, [...]"

      We once were on a project on a customer site in Sweden. Our local company kindly provided us with a coffee filter machine and the requisite ingredients - as that was a free perk in their main office.

      We found ourselves overdosing on caffeine - because we drank coffee when what we really needed was a break. The long walk to the customer's "brewed while you wait" vending machine supplied us with the chance to stretch our legs - and to get our minds out of "tramline" mode when thinking about a problem.

      The same thing happened in the UK. Our company installed new drinks vending machines in every area of every floor. Their idea was to improve the security access of those areas to only the relevant staff. It was also deemed to reduce the time people spent queuing and chatting at the previous few centralised machines. The result was departments became silos - cohesiveness and idea cross-pollination were weakened.

  3. Roq D. Kasba

    Kettle user

    As a low-security kettle user, I take suggestions from all over, alter the water levels accordingly, am alerted to the water temperature by a kind of bubbly sound followed by a click, and my only open port is used for drinking said tea ;-)

    1. dc_m

      Re: Kettle user

      Beautifully put, I completely agree.

      There is also a wifi enabled dustbin. WTF!

    2. Stoneshop

      Re: Kettle user

      That's a rather high security kettle, actually. Only local console access, although there's no password on that.

      1. TRT Silver badge

        Re: Kettle user

        Does it have embedded Java?

        1. Mark York 3 Silver badge
          Flame

          Re: Kettle user

          My kettle is connected via a remote controlled switch, I fill it the night before, turn it on (& the RC switch off).

          Alarm goes off, hand emerges from the duvet then gropes, finds the bedside remote control, get up 5 minutes later & make the tea. This is especially important when it's -30C outside the house.

          My cellphone is purposely left downstairs to charge overnight - Sadly that's about to change with the advent of 24/7 365 day support model.

          1. Stoneshop

            Re: Kettle user

            get up 5 minutes later & make the tea.

            You want a Teasmade, you do.

            1. msknight

              Re: Kettle user

              Every Teasmade should come with a helmet to protect the sleeping person from hot water splatter. There was a reason why they fell out of favour. (and arguably flavour!)

              1. Mark York 3 Silver badge

                Re: Kettle user

                & the piddly small cups.

                I need half a pint minimum to start the day in a good mood..

                1. Stoneshop

                  Re: Kettle user

                  It is not mandatory to use the cups provided with the Teasmade; the pot itself can well hold half a pint of brown joy so you just need an appropriately-sized mug.

                  BTW, I have, for a long time, used a simple timer switch and a coffee maker in lieu of a conventional alarm clock.

            2. msknight

              Re: Kettle user

              Wow, didn't realise it was as early as this...

              "On 17 December 1891, Samuel Rowbottom, of 82 Abbey Road, Derby, applied for a patent for his Automatic Tea Making Apparatus, the patent being granted in 1892. It used a clockwork alarm clock, a gas ring and pilot light."

              https://en.wikipedia.org/wiki/Teasmade

          2. ItsNotMe
            Facepalm

            Re: Kettle user

            @ Mark York 3...WTF?

            "Alarm goes off, hand emerges from the duvet then gropes, finds the bedside remote control, get up 5 minutes later & make the tea. This is especially important when it's -30C outside the house."

            You know...moving the kettle INSIDE your house, and off of the porch, in the Winter might be a good solution. Chances are the temperature inside your house isn't -30C.

        2. Anonymous Coward

          Re: Kettle user

          Impacted ;)

      2. Allan George Dyer

        Re: Kettle user

        @Stoneshop - But it does have a facial recognition function that can be enabled.

  4. NanoMeter
    Facepalm

    Must be a...

    ...hipster thing...

  5. Doctor Syntax Silver badge

    Presumably all this wifi enabled stuff, routers, kettles, webcams or whatever, has to have FCC, UL & a stack of other approvals. That provides a chance to introduce a very simple rule. When first installed factory settings only make provision for setup. Only when it's been configured to at least some degree of security does it start to route, boil water, show pictures or whatever.

    1. Captain Badmouth

      Only when it's been configured to at least some degree of security does it start to root, boil water, show pictures or whatever.

      Fixed.

  6. Mage Silver badge
    Boffin

    Bogus firmware updates?

    Maybe as simple as changing the DNS server used, then making firmware.ithing.com point to the malware?

  7. Kevin Johnston

    So how long...

    before we have an iHammerDrill getting pwned and used to mine Bitcoins?

  8. David Lawrence

    Do NOT want

    I simply can't see the point in ANY household appliance being 'connected'. You have to get off your lazy, fat arse in any case, to either put stuff (eg water, clothes, food) in and to take stuff (eg hot water, clean clothes, food) out again.

    I kind of get a fridge/freezer/larder that can tell me what I need to order (or possibly passing the order direct to the supermarket of my choice) but we are nowhere near that level of maturity yet.

    I kind of get a central heating system I can control from my mobile phone when I am out but the advantages/savings are outweighed tenfold by the cost of the gear.

    I say stop now before it all ends in tears.

    1. FlossyThePig

      Re: Do NOT want

      "I kind of get a central heating system I can control from my mobile phone when I am out but the advantages/savings are outweighed tenfold by the cost of the gear."

      If you mean the Nest/Hive "Smart" controllers I ask how often do you adjust your non smart timer/thermostat?

      The Evohome type system is much more controllable and much more expensive, but has the potential of far greater savings.

      1. clatters
        FAIL

        Re: Do NOT want

        I have seen NEST working and it is quite clever in the way it controls the central heating. However, my IT and security part of my brain melted when it showed quite clearly in the web-page, the hours that the house was uninhabited and the general movements of the individual in the house. Best time to burgle the place would be Tuesday between 10:00 and 16:00. Save a few pennies on your heating and increase your contents insurance in subsequent years. Err!

    2. Stoneshop
      Flame

      Re: Do NOT want

      I kind of get a fridge/freezer/larder that can tell me what I need to order (or possibly passing the order direct to the supermarket of my choice) but we are nowhere near that level of maturity yet

      What I want my freezer and fridge to do is notify me in case of their temperature being out of bounds. No more, no less.

      If it's going to be able to order it also needs to know not just what I want to eat as well as have in stock, but also that I'm going to have guests tomorrow, one of which has special dietary requirements. Which means there needs to be a non-clunky* interface to allow setting those options; if I have to go to the supermarket anyway to get the additional stuff because the fridge doesn't cater to that, it might as well not bother in the first place.

      A remotely-controllable room thermostat shouldn't need to cost more than EUR.100 over a model with similar smarts without the remote control option, as long as it's just that: being able to receive a signal that says "I want the temperature to be $preset(comfortable) instead of $preset(low) in half an hour". No freely-settable temp, no reporting back, or anything else the 'developers' might think is a neat option that invariably introduces security holes and a dependency on external systems.

      * plus a pony, and world peace.

      1. John Brown (no body) Silver badge

        Re: Do NOT want

        "No freely-settable temp, no reporting back, or anything else the 'developers' might think is a neat option that invariably introduces security holes and a dependency on external systems."

        Hammer, meet nail. Pretty much *every* IoT device I've seen so far seems to want to connect to the supplier's servers so that *you* can control *your* device via some crap app. WTF is that about if it's not just slurping data for the sake of being able to slurp data?

  9. Anonymous Coward

    That's totally unnatural. Coffee before IT is the natural order of things. IT before coffee is just wrong.

  10. swagv

    File under "Well duh"

    Enamored with the technology and not the end product. This is what always happens.

  11. rob_leady
    Coffee/keyboard

    But does it conform to standards ?

    The Hyper Text Coffee Pot Control Protocol has been around for years...

    I wonder if it conforms ?

    https://www.ietf.org/rfc/rfc2324.txt

  12. skeptical i
    Pirate

    hackable coffeepot

    $brew =~ s/morningblend/decaf/; # cut productivity at the knees. the terrorists have won

  13. Commswonk

    No! No! No!

    David Lawrence wrote: I simply can't see the point in ANY household appliance being 'connected'. You have to get off your lazy, fat arse in any case... which brings me to the certain horror of the toilet joining the IoT. I do not want anyone else to know how long I spend there, what I do, how much paper I use, details of the sound effects, what I thought about and so on, including an assessment of how much enjoyment I derived from the experience, not least because of the difficulty of converting a rather subjective rating into a figure someone can log.

    Oh and whether I left the seat up or down; definitely not that one.

    1. Anonymous Coward

      Re: No! No! No!

      ...someone can log

      I see what you did there.

    2. John Brown (no body) Silver badge

      Re: No! No! No!

      "which brings me to the certain horror of the toilet joining the IoT."

      Considering the array of "extras" available on some Japanese bogs, I have no doubt there is available already at least one internet connected bog which analyses your logs and sends off the results to your doctor.

  14. Gannettt

    @internetofshit - they should know about this!

    1. Captain DaFt

      "@internetofshit - they should know about this!"

      Old news. The working name was Web 2.0.
