top | item 40275690

foldor | 1 year ago

Hard disagree. That "smart IoT coffee maker" stores your wifi details, including the password so it can reconnect. I appreciate the level of sophistication and effort required for someone to be able to abuse that is beyond the realm of likelihood, it's not unreasonable to believe that there may be higher value targets (like journalists) who are being targeted where this is a reasonable method for dedicated attackers to use to gain access to a target's home network. Better to just secure these things by default.

crispyambulance|1 year ago

It really depends on the situation. For a mature, mass-produced product going into sensitive places, sure, disable it before it goes into the field. Same for very security-focused hardware.

But most of the "pizza-box-shaped" things I've worked on in telecom have jtag enabled even when in the field. I've never thought about it much, but to actually get to a jtag interface requires a level of physical access that would be far-fetched unless you're talking about "James-Bond-level" bad actors or "inside-job" people who are already entrusted with an enormous amount of privileges anyway.

JTAG is super useful for troubleshooting and in general, for things that aren't throw aways and that can be repaired, re-calibrated, or re-configured, it makes sense to keep it available.

londons_explore|1 year ago

If your attack vector is bad guys with physical access to the circuit board, disabling JTAG will only be a minor speedbump to them.

The vast majority of microcontrollers aren't hardened against physical attack - especially not anything with wifi capability.

"disable jtag" is intended to make it harder to make modchips (ie. bypass the coffee subscription), but doesn't help against someone willing to do a one-off glitching attack or similar to dump secrets.

OJFord|1 year ago

You're worried about someone with physical access and time to dump info from a JTAG header gaining the WiFi password?

bongodongobob|1 year ago

Target throws out coffee maker. Threat actor goes through trash. They don't have to break into the building to get it.

y04nn|1 year ago

A plausible scenario I can think of would be in an office space, a shared smart coffee machine that would be stolen to gain WIFI access.

numpad0|1 year ago

One of the items often missing from discussions on security on the Internet is that the first step of security is physical security. Phrases like "once they have it it's over", "DRM is not security" are not just mantras, it's reflecting that.

To secure a thing, you are supposed to literally secure the thing, as in, placing the equipment away from walls, bolted down to the floor, chassis locked and rigged for self destruction, perimeters patrolled and monitored by armed guards.

Software security is additional parts that build on top of that physical security. Hardware root of trust, Secure Boot, code signing, all helps, but physical security has to come first.

If you're throwing out the coffee maker not securely erased (military guys call it zeroizing - cool), or not maintaining custody of it by either keeping it to yourself or having dogs and your grandsons taking part watching it at all times, then the coffee maker is technically not secure, by any of those alone.

fullspectrumdev|1 year ago

If someone’s breaking into my house and disassembling my IoT coffee machine to hook up some JTAG cables I have bigger problems than someone getting my WiFi password - such as the fact the pricks in my house.

boznz|1 year ago

Lots of vectors don't even require JTAG. Coffee maker type devices are likely to be just a $1 microcontroller with inbuilt flash which you can fuse when programming to prevent reading but is rarely done in small production runs.

Flash for microcontrollers such as ESP, Rpi pico etc is usually saved on an 8-pin flash chip which most people forget about and is easy to unsolder and pop into a reader. Bigger devices using bootloaders sometimes store a whole FAT32 filesystem in one of these, you can even unsolder most flash and re-mount it with a little skill and suitable hardware.

I once read an AWS private key stored in plain text from an IOT board. Go figure!
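
Added example, not part of the comment above or of any project's code: a pre-release check a manufacturer could run over its own raw flash image to confirm that no Wi-Fi credentials or private keys sit in it as plaintext, which is the condition the comment describes. The key names in the `wifi_credential` pattern and the sample image are constructed assumptions.

```python
import re

SECTOR = 4096  # typical SPI NOR erase-sector size, used only for reporting

# Constructed patterns; the key names in "wifi_credential" are hypothetical
# and should be replaced with the firmware's own config keys.
PATTERNS = {
    "pem_private_key": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "wifi_credential": re.compile(rb"\b(ssid|psk|wifi_pass)=([\x20-\x7e]{1,64})"),
}

def scan_image(image: bytes):
    """Return findings sorted by offset: (offset, sector, kind, detail)."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(image):
            if m.lastindex:
                # key=value hit: report the key and value length, never the value
                detail = f"{m.group(1).decode()}=<{len(m.group(2))} bytes redacted>"
            else:
                detail = "<marker found>"
            findings.append((m.start(), m.start() // SECTOR, kind, detail))
    return sorted(findings)

def release_gate(image: bytes) -> bool:
    """True only when no plaintext secret pattern appears in the image."""
    return not scan_image(image)

def build_sample_image() -> bytes:
    """Constructed 3-sector image: erased, plaintext config, erased."""
    erased = b"\xff" * SECTOR
    config = (b"ssid=ExampleNet\x00psk=constructed-passphrase\x00"
              b"-----BEGIN PRIVATE KEY-----\x00").ljust(SECTOR, b"\xff")
    return erased + config + erased

if __name__ == "__main__":
    sample = build_sample_image()
    for offset, sector, kind, detail in scan_image(sample):
        print(f"0x{offset:06x} sector {sector}: {kind} {detail}")
    print("release gate passed:", release_gate(sample))
```

A clean result only means these patterns were not found; it does not show that the flash is encrypted or that readout protection is fused.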

ronsor|1 year ago

If your concern is attackers breaking into your home, opening your coffee maker, and dumping credentials over JTAG, I think your threat model might need serious revisions.

ProllyInfamous|1 year ago

Just out of curiosity, what coffee-making function would possess somebody enough to connect their coffeemaker to the internet?

My new water heater came with WiFi, and I just cannot understand why my tank needs to do anything more than just heat water..?

sunshinesnacks|1 year ago

For the coffee maker, maybe being able to set a schedule to brew in the morning.

For a water heater, participating in a utility program where they modify your temperature sweeping in exchange for a reduced rate or similar incentive.

Those are the first reasons I can think of.

Dowwie|1 year ago

What vendor and model water heater did you get? Useful smart features are of the variety that the manufacturer would never enable off the shelf, such as monitoring magnesium anode deterioration so that it could notify a user when it is time to replace the anode. It's against the interests of the manufacturer because replacing the anode extends the life of the heater.

Larrikin|1 year ago

There is an entire operating system and a massive amount of functionality in your home that can be unlocked when devices have features like that. It's one of the most active projects on GitHub and there's a huge community that knows the value.

The only downside is companies trying to scoop up that data for their own purposes and when companies disable perfectly working products because they claim the servers are too expensive. The Home Assistant community makes a big point of recommending products that guard against issues like that.

https://www.home-assistant.io/

margalabargala|1 year ago

Adding to the other reasons listed here:

Some people have solar installations, but do not have 1-to-1 net metering from their power company. For these people, having a connected hot water heater allows them to use their own solar power for heating water when they can, lowering their power bill.

Essentially any high-consumption electrical device can similarly benefit, especially ones that store energy such as hot water heaters and electric car chargers.

beeboobaa3|1 year ago

Yikes. You think people shouldn't be allowed to know their own wifi credentials?

Or do you think that physical access does not mean you own the device?