Command line coffee machine: Hacker shuns app so he can stay at the keyboard for longer
Reverse engineering turns 'Smarter AM' into brew-bot
Zimperium researcher Simone Margaritelli has hacked his coffee machine finding a way to brew coffee using the command line.
It means hackers can choose to ignore apps when they need a coffee and instead stumble over to a laptop and bash away at a terminal.
There is some usefulness however; Margaritelli says he and other hackers might prefer the code crunching as they work from laptops.
"Since I work from home, most of the times I’m using the computer keyboard, not a smartphone, therefore I wanted a console client for it," Margaritelli says
"[This is] something that the vendor never released, so I started reversing the Android application in order to understand the communication protocol and write my own client implementation."
His hacking did not uncover serious security bugs but it would let fellow hackers on the same network as the coffee machine to mess with its firmware without requiring authentication, something that could leave the device bricked.
"Even if the mobile app requires you to register an account, access to port 2081 is completely unauthenticated [so] anyone on your network could access it and even flash a new firmware with no authentication required."
The company was last year found to be spilling WiFi passwords all over London through vulnerabilities in its iKettle line.
The devices would brew cleartext WiFi passwords when a physical attacker shipped a disassociation packet to the devices, after setting up a mimic SSID WiFi network.
Attackers would gain their target's WiFi password when the device reconnects to their evil access point.
The same Pen Test Partners researchers mapped iKettles across London making the attack vector significantly more fun. ®