On September 25 2020, Martin Hron, senior cyber researcher at Avast, blogged about how he hacked a Smarter coffee machine. He did so without compromising the network the device was connected to or the router itself. He discovered that the device was connected with the companion app in an unencrypted, unsecured way.
The firmware updates were also unencrypted, without any authentication or code-signing involved. Hron thought of turning the device into a cryptocurrency mining machine.
Instead he turned the coffee maker into a ransomware. When triggered, the device was beeping annoyingly. Its malfunction could only be stopped by paying a ransom or pulling the plug permanently.
