三千哽咽 发表于 2016-10-10 18:40:01
Zimperium researcher Simone Margaritelli has hacked his coffee machine finding a way to brew coffee using the command line.
您需要 登录 才可以下载或查看，没有帐号？立即注册
Margaritelli ( @evilsocket) says he reverse engineered the app used to control the Smarter AMcoffee machine.
It means hackers can choose to ignore apps when they need a coffee and instead stumble over to a laptop and bash away at a terminal.
There is some usefulness however; Margaritelli says he and other hackers might prefer the code crunching as they work from laptops.
"Since I work from home, most of the times I’m using the computer keyboard, not a smartphone, therefore I wanted a console client for it," Margaritelli says
"[This is] something that the vendor never released, so I started reversing the Android application in order to understand the communication protocol and write my own client implementation."
His hacking did not uncover serious security bugs but it would let fellow hackers on the same network as the coffee machine to mess with its firmware without requiring authentication, something that could leave the device bricked.
"Even if the mobile app requires you to register an account, access to port 2081 is completely unauthenticated [so] anyone on your network could access it and even flash a new firmware with no authentication required."
The company was last year found to be spilling WiFi passwords all over Londonthrough vulnerabilities in its iKettle line.
The devices would brew cleartext WiFi passwords when a physical attacker shipped a disassociation packet to the devices, after setting up a mimic SSID WiFi network.
Attackers would gain their target's WiFi password when the device reconnects to their evil access point.
The same Pen Test Partners researchers mapped iKettles across London making the attack vector significantly more fun. ®
上一篇：John Bollinger: ‘Time is Near’ to Pay Attention to China Bitcoin Trading
下一篇：Fly that lands on Hillary Clinton at debate starts internet buzzing