Various vulnerabilities have been found in two smart home devices. This includes a smart lock and an internet-connected coffee machine. Because of the vulnerabilities, the devices are relatively easy to manipulate for malicious parties, according to security specialist McAfee.
The vulnerabilities were revealed today by the McAfee Labs Advanced Threat Research team. These are two seemingly innocent devices, but the consequences of a hack can be reasonably large. Solutions for both problems are in the making, so it is important to update them if you have them yourself.
Clever lock hacking
First of all, the smart lock. This is the BoxLock, which was once shown in the Shark Tank series and is intended – as the name implies – to close a box with. Think in particular of a large container in which the parcel deliverer can deposit a parcel. The smart lock makes it possible for the delivery driver to open the lock using a barcode or mobile app. This means that the delivery driver no longer has to leave the parcel on the veranda and that it is safely locked away.
At least: that’s how it should be, but the reality is something else. An investigation by the security specialist shows that the device is quite vulnerable. It uses Bluetooth Low Energy, which has not been properly implemented. This allows malicious parties to simply give the lock a command so that it goes off. The manufacturer of BoxLock is now working with McAfee on a solution.
Smart coffee maker
Then there’s the Mr. Coffee Smart Coffeemaker with WeMo integration. This is a platform from manufacturer Belkin for connecting smart equipment. You can then use the WeMo app to give instructions. So you could turn on your coffee maker from work, so that the coffee is ready by the time you get home.
But the device does not seem to validate requests via WeMo properly. As a result, malicious parties are able to turn on the device. That doesn’t sound very bad in itself, but that also means that the device can be switched on when there is no water in it, for example. If the device then starts to run, it may break down or, in the worst case, lead to a short circuit.
Belkin did not respond to requests from McAfee, but did release an update that should solve the problem.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.