It may sound scary, but while you’re making yourself a cup of coffee, a hacker just may be brewing up an attack. According to security firm McAfee, an internet-connected coffee maker produced by Mr. Coffee and Wemo suffers from a security vulnerability that could let a malcious actor intercept traffic from the device and even schedule the machine to make coffee without the owner’s permission.
he affected device is the Mr. Coffee Coffee Maker with Wemo, first introduced back in 2014. The issue stems from the connectivity provided by Wemo. According to McAfee, Wemo devices communicate with a connected Wemo smartphone app, and can transfer date in two ways: Remotely via the internet or locally, bysending the information directly to the Wemo application. The vulnerabilty occurs when the communication is taking place locally.