Smart coffee machines made in China threaten Americans’ data security, researcher says

The worst part of waking up might be Chinese spying in your cup of coffee.

US researcher Christopher Balding said he found evidence that China is devouring data collected by smart coffee machines made in the communist country.

Balding’s report to New Kite Data Labs says the problems with internet-connected coffee machines are part of a broader data collection effort targeting IoT devices with weak security and unclear data policies.

IoT home appliances include robotic vacuum cleaners and thermostats that use machine learning to maintain comfortable temperatures.

“China really collects data on really anything and everything,” Balding said. “As the manufacturing hub of the world, they can put that capability into all kinds of devices that come out all over the world.”

Mr Balding said the problematic coffee machines are made by Kalerm in Jiangsu, China. The machines collect product information, payment data and customer information regarding location and time, according to the New Kite Data Labs report.

The data provides insight into a user’s name, relative location, and usage patterns. In commercial environments such as hotel breakfast buffets, a coffee machine can collect payment types and routing information.

Mr Balding said his research firm would not disclose how it obtained the information because it does not want China to prevent it from learning more about its data collection.

The New Kite Data Labs report made it clear that the data was collected from consumers in China. Still, he said the products are widely sold in the United States and Europe, and data exfiltrated from machines in China is likely coming from machines in the United States.

“While we cannot say that this company collects data on non-Chinese users, all evidence indicates that their machines can and do collect data on users outside of mainland China and store the data in China,” indicates the report. “Data is collected at the point of operation from software built into the coffee maker.”

New Kite Data Labs did not reveal evidence showing that the Chinese government uses the data collected by Kalerm.

Yet China’s policy of military-civilian fusion forces companies to cooperate with the communist government. This means that data stored in China is exposed to the government.

Kalerm did not respond to requests for comment.

Smart coffee machines aren’t the only vulnerable internet-connected devices that put hidden data at risk. Devices can connect to smartphones or have built-in cameras and microphones to detect and respond to voice commands, making more data available to a manufacturer.

Some robotic vacuum cleaners use microphones to respond to user commands. The vacuums can be controlled with apps available through the Apple and Google app stores.

Last year, cybersecurity firm Mandiant said it discovered a vulnerability in baby monitors and video doorbells that use the ThroughTek Kalay network, which could allow hackers to access live video and audio. direct.

ThroughTek said at the time that it informed customers of the flaw and told them how to fix it.

The Cybersecurity and Infrastructure Security Agency issued an alert about the flaw in August. A cybersecurity official noted that the vulnerability resided in a software development kit designed to encrypt data transferred from one point to another and widely used in IoT devices.

China is not the only country interested in the data produced by IoT devices.

Former National Security Agency contractor Edward Snowden expressed concern about a blender.

Mr Snowden, who revealed private details of NSA global surveillance in 2013 and fled to Russia, said the mixer’s electronic signature could reveal its location to the US government and others, according to the Barton Gellman’s 2020 book “Dark Mirror”.

Mr. Balding noted that China operates from a distinct position of gathering all the data it can and figuring out how to use it later.

“Most countries of any significant size probably have an interest in devices like this – make no mistake about it,” Mr Balding said. “I think what’s unique about China is the breadth and depth of their data collection efforts.”

#Smart #coffee #machines #China #threaten #Americans #data #security #researcher

Post expires at 10:57am on Sunday June 26th, 2022