Your coffeemaker been hacked [yet]?

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong…

Security problems with Smarter products first came to light in 2015, when researchers at London-based security firm Pen Test partners found that they could recover a Wi-Fi encryption key used in the first version of the Smarter iKettle. The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices. The result: the researchers showed a hacker could probably replace the factory firmware with a malicious one. The researcher EvilSocket also performed a complete reverse engineering of the device protocol, allowing reomote control of the device.

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord…

The cautionary tale moves on and offers humor, corrective suggestions…and not a boatload of hope for up-to-date standards. Generally, firmware updates stop in a few years…even though beaucoup electronic products work for many more. As they should.

Texas residents warned of brain-eating microbe in drinking water

Texas officials have warned residents of some communities near Houston to stop using tap water because it might be tainted with a deadly brain-eating microbe.

The commission issued an advisory warning people not to use tap water for any reason except to flush toilets in Lake Jackson, Freeport, Angleton, Brazoria, Richwood, Oyster Creek, Clute and Rosenberg.

Those communities are home to about 120,000 people. Also affected are the Dow Chemical works in Freeport, which has 4,200 employees, and the Clemens and Wayne Scott state prison units, which have 2,345 inmates and 655 employees.

Some think that folks in Texas are never surprised when they receive warnings like this.