Internet-connected Mr. Coffee machines have security vulnerability, McAfee says

Mr. Coffee Smart Coffeemaker

It may sound scary, but while you’re making yourself a cup of coffee, a hacker just may be brewing up an attack. According to security firm McAfee, an internet-connected coffee maker produced by Mr. Coffee and Wemo suffers from a security vulnerability that could let a malcious actor intercept traffic from the device and even schedule the machine to make coffee without the owner’s permission.

The affected device is the Mr. Coffee Coffee Maker with Wemo, first introduced back in 2014. The issue stems from the connectivity provided by Wemo. According to McAfee, Wemo devices communicate with a connected Wemo smartphone app, and can transfer date in two ways: Remotely via the internet or locally, bysending the information directly to the Wemo application. The vulnerabilty occurs when the communication is taking place locally.

McAfee researchers discovered it is possible to intercept transmissions made between the Mr. Coffee Coffee Maker with Wemo and the connected Wemo app. This can occur because the data is transferred in plaintext with no additional encryption or protection to prevent the information from being viewed by a malicious third party. By viewing that information, an attacker can see different data that is bouncing between the device and the Wemo app, including the brew schedule — times that the device owner has set up the machine to automatically brew a new pot of coffee.

With access to the communication between the coffee maker and app, a hacker could theoretically start inserting their own commands and pushing them to the device. That means an attacker could schedule the coffee maker to turn on without the permission or knowledge of the owner. McAfee pointed out that there is no validation on the source of a scheduled brew, so there is nothing to prevent the action from going forward even though it’s from an illegitimate source.

“Cybercriminals are relentless, and as long as we continue to connect devices to the internet, they will continue to search for ways to exploit them,” Raj Samani, McAfee fellow and chief scientist, said in a statement. “Vulnerability disclosures can be frightening for both the consumers using connected devices and the organizations that create them, however, the process is an essential component of creating a safer future. Cybersecurity researchers, businesses, and consumers working together to expose and eliminate these vulnerabilities keeps us all a step ahead of the bad guys.”

It’s worth noting that these types of attacks would have to be targeted efforts. A hacker would have to be connected to the same network that the vulnerable coffee maker is on. It also requires the coffee maker to be communicating locally rather than remotely, when remote access is the default setting for the machine. When conacted, Wemo parent company Belkin told Digital Trends it issued an advisory for the issue in August and offered a firmware update to address the issue on January 8, 2019.

Emerging Tech

Spacewalk a success as astronauts upgrade batteries on the ISS

The International Space Station was treated to some new batteries on Friday, thanks to two NASA astronauts who took a spacewalk for nearly seven hours in order to complete the upgrades.
Mobile

24 must-have apps for rooted Android phones and tablets

Rooting your Android device opens up a world of possibilities, along with a few apps. Here are 24 of our favorites, so you can make the most of your rooted device and unleash the true power of Android.
Smart Home

Is your coffee maker hiding mold inside? Here's how to clean it

Are you a coffee drinker? If you brew your coffee at home and you don't clean your machine, you could be drinking mold, yeast, and other bacteria. Here's how to clean your coffee maker.
Smart Home

Our favorite coffee makers make flavorful cups of joe from the comforts of home

Whether you're looking for a simple coffee maker to get you through the morning or a high-end brewer that will impress your taste buds and your friends, you'll find some of the best coffee makers around on this list.
Mobile

The Apple iPad Air is the power-packed tablet for everyone

The iPad Air is the less serious cousin to Apple's iPad Pro range, and it's the perfect addition to your coffee table. But it's no less powerful. Here's everything you need to know about the iPad Air.
Deals

Amazon slashes prices on Echo devices that play Alexa’s sweetest-sounding music

Amazon slashed prices on Alexa-controlled Echo devices with the best music sound quality. All Alexa smart speakers stream music, but some sound better than others. Save on Echo Plus and the Echo Sub bundled with Echo and Echo Plus speakers.
Wearables

Alpina makes its AlpinerX smartwatch even more attractive with new colors

Alpina has introduced four new colors to its AlpinerX smartwatch range, breaking the usually sporty watch out into a more everyday casual design, and given the tech a slight makeover too.
Mobile

New gold finish makes Frederique Constant’s hybrid smartwatch flashier than ever

Frederique Constant has found considerable success with its luxury hybrid smartwatch, the Hybrid Manufacture, and has launched several new color schemes to help bring it even more attention.
Wearables

Like a car, this watch has dampers on the strap to make it more comfortable

Like a car, this stunning luxury watch has shock absorbing dampers that attach the strap to the case, rather than a more traditional system, to increase comfort. We've worn one, and it really seems to work.
Gaming

Atlus reveals Persona 5 The Royal, teases mysterious new female character

Atlus revealed Persona 5 The Royal in a trailer that features a mysterious new female character. It appears that the redhead will be an antagonist to the Phantom Thieves of Hearts, but many details about the upcoming game remain unclear.
News

Apple’s Beats to reportedly release truly wireless PowerBeats earphones in April

Beats will reportedly release a truly wireless PowerBeats earphones next month, following the announcement of Apple's new AirPods. The second-generation AirPods received the new H1 chip, which is also expected to power the new PowerBeats.
Gaming

Save big on Corsair gaming headsets and a premium keyboard

From March 24 to 30, you can pick up one of two models of the great Corsair's Void Pro gaming headset on a sweet discount. One of Corsair's best mechanical keyboards is also on sale this week -- at a steep discount.
Mobile

Firefox Send file-sharing service is now an Android app

Mozilla has just launched Firefox Send as an Android app. The free service lets you share files of up 2.5GB via a web link that expires after a certain period of time or number of downloads.
Gaming

Blizzard says Overwatch endorsement system helped slash toxicity by 40 percent

Blizzard said that toxicity in Overwatch is down 40 percent, partly thanks to the addition of the endorsement system. The feature allows players to reward teammates and opponents who show good behavior during a match.