Insecure internet-connected "honeypot" toaster hacked within an hour


#1

Originally published at: http://boingboing.net/2016/10/28/insecure-internet-connected.html


#2


#3

for best results, hum Rde of the Valkyries


#4

for those who can’t hum


#5

“Assuming it’s publicly accessible, the chance [of being hacked] is probably 100 percent,”

Am I not to assume most routers in the last +5 years have basic firewall and NAT going on to keep the outside world from scanning every port there is inside your network?

This reminds me of a test someone did a few years back of putting an unpatched non SP1 Windows XP machine directly connected to the internet. It was infected and BSOD in like 20 minutes or something… I don’t really know what they expected, the internet is a dirty place.


#6

Link to original article is 404?


#7

hacked


#8

I may be an old fogey, but I simply can’t conceive of any real reason to connect a toaster to the internet. It’s not like you have to get your toast started before you leave work. And I have no interest in comparing my toasting habits with those of my friends, like some sort of yeast-based fitbit.


#9

But just imagine if your toaster used a laser to draw pictures and write messages on your toast. Then there would be a reason to connect it to the net. You could imagine a service that would print the best nearly naked pictures from the Daily Mail on your breakfast complete with the captions about how much side boob they are showing. Or imagine a toaster that could automatically spread stuff, you could IM [1] your friends.

[1]Instant Marmite


#10

Develop a bread printer first, then connect it to the internet.


#11

I’m sure Kingsmill have some of their machinery networked. Perhaps they could assist. The product certainly tastes like it could be printed on.


#12

Our company did a demo where we connected an unpatched system to the Internet (sans firewall) and it was owned in 8 minutes. Chances are there are bots and worms scanning for devices like said toaster. The surprising part is it took an hour.


#13

So that one can have today’s weather forecast in toast form?


#14

#15

Why are we not funding this?!


#16

But… if you’re on vacation, thousands of miles away, how will your toaster be able to contact you to ask if you want toast?


#17

I could take an old Raspberry Pi and shove it out past the router and see what happens, but I’d have to make sure that no one could reflash the boot.

Other people have obviously done it before:
https://blog.anomali.com/who-can-benefit-from-a-raspberry-pi-honeypot


#18

This is why your toaster should always have a kill-switch.


#19

“Toast? I think not. DDoS, instead?”

I like my toast lightly-browned…


#20

If I only had a round tuit I’d make one. At least the laser part should be doable with an overdriven laser diode from a DVD writer. So just saw the top off a scrap tower PC, disable the laser diode safety and cut a slice of bread to 120mm diameter and plonk it on the top. the PC already has a network connection so all that is left to do is a few lines of code. I hereby donate this outline of the idea to the public domain, someone else will have to fill in the few remaining details.

I look forward to seeing a Kickstarter on the subject soon (to be immediately followed by a much cheaper and immediately available Chinese copy on Ali Express).