
  2. 4

    I don’t understand. They have a coffee machine that can connect to two WiFi networks at the same time and bridge traffic? What kind of coffee machine is this?

    1. 2

      From further down in the reddit thread:

      > Yeah, it’s a coffee machine the size of a vending machine. It needs the IOT functionality for billing and maintenance. The company I work for gets billed for every cup of coffee it makes, but the upside is that the coffee machines are never broken, dirty or empty. Because a coffee tech comes by every 1-3 days to clean, fill and maintain it.
      https://www.reddit.com/r/talesfromtechsupport/comments/6ovy0h/how_the_coffeemachine_took_down_a_factories/dklx7fc/

      1. 1

        Ahhh, this makes way more sense! ( …almost)

        It makes more sense, in that the firmware or OS of the brewing machine would require greater versatility to negotiate payment processing, and that contaminating the air-gapped production network with an untrusted host represents an unforced technical foul-up, as end-user error. A coffee pot running a full-featured consumer operating system (such as an unpatched Windows release) would then represent an understandable risk, simply by establishing a connection to the same subnet as other similarly vulnerable machines.

      2. 1

        It would appear that most of these machines let you create and modify the typical “alarm clock” style functions that many ordinary coffee makers support, except this time with a smartphone app. One example being:

        Mr. Coffee Smart Wifi-Enabled Programmable 10-Cup Coffeemaker, BVMC-PSTX91WE, Amazon Link

        Screenshots of the phone app:

        https://images-na.ssl-images-amazon.com/images/G/01/aplusautomation/vendorimages/c75656a0-6004-4851-b1c8-1e8fc69eed69.jpg._CB317479782_.jpg
        https://images-na.ssl-images-amazon.com/images/G/01/aplusautomation/vendorimages/39b18dbb-cdec-46da-878b-95fd5dd31bd1.jpg._CB317479778_.jpg

        It also lets you know if it’s unable to brew, due to lack of grinds or water or whatever, which is maybe kind of “convenient” I guess… Or at least if you discount the amount of effort it takes to set up the app, and still probably remember to supply the machine yourself most of the time, anyway. Oh, and so long as you’re not running insecure air-gapped Windows XP hosts as mission critical infrastructure, and accidentally expose them to the internet through a coffee pot wormhole…

        1. 2

          I understand the idea of a smart coffee pot. But what kind of smart coffee pot routes traffic between two networks?

          > coffee pot wormhole…

          Yeah, exactly. How does that work? The malware on one side of the coffee pot discovers there’s a vulnerable XP machine on the other side how exactly?

          > all the coffee machines were showing the same ransomware attack message.

          I mean, what??? The newly installed coffee machines were also running an ancient unpatched version of XP?

          1. 2

            I think it’s completely possible that the coffee machine stored copies of the credentials for the other network, even though it was no longer connected to it. This sort of ransomware is very aggressive about searching for vectors to traverse from one machine to another, because its creators won’t get any money unless the backups are destroyed too. Once it has control of a machine, it really doesn’t matter whether the machine was previously configured to do routing - the machine becomes a new source of infection.

            1. 1

              My interpretation was the coffee pot was on the regular wifi, it was infected, and as part of “troubleshooting” they switched networks.

          2. 1

            Sounds more like it had two interfaces, WiFi and Ethernet, and once the machine itself was infected it used the Ethernet connection, which shouldn’t have been connected, to infect the control computers on the otherwise air-gapped network.

            1. 2

              This explanation, while sensible, raises so many more questions.