Command line coffee machine: Hacker shuns app so he can stay at the keyboard for longer

Reverse engineering turns 'Smarter AM' into brew-bot

Zimperium researcher Simone Margaritelli has hacked his coffee machine finding a way to brew coffee using the command line.

Margaritelli (@evilsocket) says he reverse engineered the app used to control the Smarter AM coffee machine.

It means hackers can choose to ignore apps when they need a coffee and instead stumble over to a laptop and bash away at a terminal.

There is some usefulness however; Margaritelli says he and other hackers might prefer the code crunching as they work from laptops.

"Since I work from home, most of the times I’m using the computer keyboard, not a smartphone, therefore I wanted a console client for it," Margaritelli says

"[This is] something that the vendor never released, so I started reversing the Android application in order to understand the communication protocol and write my own client implementation."

Youtube Video

His hacking did not uncover serious security bugs but it would let fellow hackers on the same network as the coffee machine to mess with its firmware without requiring authentication, something that could leave the device bricked.

"Even if the mobile app requires you to register an account, access to port 2081 is completely unauthenticated [so] anyone on your network could access it and even flash a new firmware with no authentication required."

The company was last year found to be spilling WiFi passwords all over London through vulnerabilities in its iKettle line.

The devices would brew cleartext WiFi passwords when a physical attacker shipped a disassociation packet to the devices, after setting up a mimic SSID WiFi network.

Attackers would gain their target's WiFi password when the device reconnects to their evil access point.

The same Pen Test Partners researchers mapped iKettles across London making the attack vector significantly more fun. ®

Biting the hand that feeds IT © 1998–2020