The BBC covered some interesting news coming out of Russia this week. Apparently Russian hackers put chips inside Chinese made irons and kettles that would hack local networks. This shouldn’t be too shocking as for years security researchers have been warning of the dangers of embedded devices.
Welcome to the new world of computer security!
When is the last time you updated the system patches on your Coffee Pot? Downloaded the latest Anti-Virus for your Thermostat? These may be questions that become common in the next decade. Especially as the push to put everything online climbs and the “Internet of Things” continues to grow.
According to the BBC report, Russian hackers put chips inside Chinese made clothes Irons and electric kettles that look for local Wi-Fi networks, and then hacks them. The devices then spreads malware to systems it finds:
“Its correspondent said the hidden devices were mostly being used to spread viruses, by connecting to any computer within a 200m (656ft) radius which were using unprotected Wi-Fi networks.”
Security experts have been talking about the subject for years now. And this exact scenario sounds eerily familiar to a couple recent security conference talks by Daniel Buentello about weaponizing innocuous every day items like Coffee Pots and Thermostats:
In the talks, Buentello mentions the possibility of compromising an online thermostat and using it to hack systems on local networks and infect them with malware. He also explained that the device could be programmed to monitor the compromised computers and re-infect a system in the case someone removed the virus.
And of course the compromised thermostat would be programmed to continue to also act like a normal thermostat to belie its true intention.
Attacks like this are made possible by the use of embedded servers that are being used in these online devices. These chips are basically fully functional (mostly) Linux based servers that are vulnerable to attack just like any other server on the web.
Except that companies normally don’t make Anti-Virus for thermostats…
Sadly now we will need to keep an eye out for firmware updates and security issues for any electronic devices in our homes or companies that connect out to the internet.
It was just a matter of time before hackers started taking advantage of these embedded chips and it seems that Russian hackers may be leading the charge.
And as a twist to what one Reddit commenter mentioned, In Soviet Russia you don’t hack the Coffee Pot, The Coffee Pot hacks you!