How a coffee machine can become dangerous ransomware
The cybersecurity specialist modified the coffee machine's firmware and made it demand a ransom.
By modifying the coffee machine's firmware, an Avast specialist was able to make it show a ransom demand on its display before it would continue working.
As researcher Martin Hron explained, the purpose of the experiment was to prove that all IoT devices, not just those connected to the Internet, can pose a security threat. “I also bet that I can make the threat permanent and really dangerous for the user,” the researcher said.
Hron views firmware as software, which means that, like any software, it can contain vulnerabilities that allow an attack on the device.
“We see them (firmware vulnerabilities - ed.) all over the place. Vulnerabilities in the CPU and cryptographic chips that generate weak keys that can be easily cracked. The weak security of the IoT is largely due to the fact that it is now more convenient and cheaper to put a processor inside the device that controls and coordinates all the hardware components, motors, sensors, heating elements, etc. using a short program called firmware. This solution is not only cheap, but also has one important property - it can be updated,” explained Hron.
Firmware can be updated in different ways, from special hardware tools (which require physical access) to the more popular over-the-air (OTA) updates, which are delivered automatically (via the Internet) or semi-automatically (users need to click on the corresponding notification).
Building on previous research, Hron has outlined five basic steps that can be used to reverse the firmware update process:
- Get a file with firmware;
- Extract it if it is archived or encrypted;
- Reverse engineer it ("translate" ones and zeros into meaningful code);
- Modify the file (add malicious components);
- Download it and send it to the target device.
Having done all of the above, Hron and his team were able to modify the coffee machine's firmware in just 15-25 seconds. At first, he wanted to force the device to mine cryptocurrency, but this idea had to be abandoned. Although the architecture of the processor allows it, its speed makes the mining process inefficient. The researchers therefore decided to turn the coffee machine into a ransomware machine that shows a ransom demand on its display when a certain trigger fires.
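From the defender's side, the last two steps of the list only work if the device flashes whatever image it is sent. The sketch below is an added example, not code from the article or from Avast's research: a device-side check in Go that accepts an update only when a vendor-signed manifest verifies, the version is newer than the installed one, and the image matches the signed digest. The names `Manifest`, `AcceptUpdate` and `Demo`, the manifest layout and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update header, signed by the vendor at build time.
type Manifest struct {
	Version uint32   // must increase with every release
	Digest  [32]byte // SHA-256 of the firmware image
}

// bytes is the fixed-width encoding that gets signed and verified.
func (m Manifest) bytes() []byte {
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, m.Version)
	return append(b, m.Digest[:]...)
}

// AcceptUpdate runs on the device before anything is written to flash.
func AcceptUpdate(pub ed25519.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(pub, m.bytes(), sig) {
		return errors.New("manifest signature invalid")
	}
	if m.Version <= installed {
		return errors.New("version not newer than installed")
	}
	if sha256.Sum256(image) != m.Digest {
		return errors.New("image does not match signed digest")
	}
	return nil
}

// Demo checks a constructed image three ways: as released, replayed, and altered.
func Demo() (genuine, replayed, modified error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	image := []byte("constructed sample firmware image")
	m := Manifest{Version: 2, Digest: sha256.Sum256(image)}
	sig := ed25519.Sign(priv, m.bytes()) // vendor side; the private key never ships
	genuine, replayed = AcceptUpdate(pub, 1, m, sig, image), AcceptUpdate(pub, 2, m, sig, image)
	image[0] ^= 0xff // one changed byte stands in for a modified image
	return genuine, replayed, AcceptUpdate(pub, 1, m, sig, image)
}

func main() { fmt.Println(Demo()) }
```

Because the device holds only the public key, extracting and reverse engineering the firmware does not give anyone the ability to sign a modified image.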