News Item

What A Twitter-Controlled Coffeemaker Teaches Us About Home Security

Fast Company, By Neal Ungerleider

Using a coffeemaker, Arduino Uno kit, and a power tail that cost approximately $70, a security researcher has connected the Black & Decker coffee machine to a Twitter feed to prove two things:

  1. You can connect a coffee maker to Twitter...
  2. But you might not want to.

The Arduino OS and some custom code allowed her to get the coffeemaker to make coffee on command through using a hashtag called #driptwit. The account was then left with intentionally weak security, allowing Tiffany Strauchs Rad, a security researcher specializing in connected devices, to simulate a hacker attack and successfully gain “unauthorized” access to her own machine.

Like many security experts, Rad is deeply ambivalent about the wisdom of tech nerds connecting home appliances to Twitter or any other service with relatively weak security. At a recent conference in San Francisco, she showed how she broke into her networked, Twitter-powered coffee machine--with the implicit message that pranksters or criminals could have a ball with any home appliances turned into smart devices via Arduino or proprietary toolkits. According to Rad, many connected devices for the home have firmware with only rudimentary security precautions standing between you and a prankster seeking to fill your kitchen floor with coffee. Read more.