DON'T BREW THAT CUPPA! Your kettle could be a SPAMBOT Russian authorities have claimed that household appliances imported from China contain tiny computers that seek out open WiFi networks and then get to work sending spam and distributing malware. St Petersburg news outlet Rosbalt reported last week that local authorities had examined kettles and irons and found “20 to 30 pieces …
This could be done with two or three chips that take up the area of a large postage stamp.
You take a microcontroller with an on-chip oscillator and on-chip WiFi MAC, and enough on-chip memory to hold a small TCP/IP stack like you can get from CMX. Zilog had an eZ80 that could do this over ten years ago.
Add an RF chip and something to use as an antenna and you have a nice little WiFi bug.
Ah, it's on russian state TV. That makes it clearly legit.
... Coming to think of it, if asked to name who would construct a clunky wifi bot so heavy that you notice it in an iron, "Russia" would spring to mind much much earlier than "China". They'd probably do it with leftover Mig or tank parts.
>... Coming to think of it, if asked to name who would construct a clunky wifi bot so heavy that you notice it in an iron, "Russia" would spring to mind much much earlier than "China". They'd probably do it with leftover Mig or tank parts.
It was a dead giveaway considering it weighed 30 tons and the welds looked like they would outlast the universe. As to why the thing had a turret, well I'll be darned...
Pretty obvious from that picture that the device isn't going to do what it's claimed to do. The minimum size would be like around the mini pcie wifi cards + some extra gubbins for processing + extra for dealing with the power.
Unless China is working with, I don't know, alien technology and have suddenly surpassed the technical capabilities of western countries, which is extremely doubtful.
You might have missed the memo: all Western-designed computer technology is built in Asia, and specifically, China. So their technical capabilities are quite on par. Actually, there are very few Western countries that could build the high technology that China does today, and most never have, being happy to outsource to cheap suppliers from the East.
Luckily, being fairly sartorially relaxed (lazy), I almost never iron anything.
As a precaution though, I've beaten my Moulinex kettle to death with the toaster, wrapped the remains in aluminium foil and binned them.
Come to think of it, the microwave's looking decidedly shifty and I've never really trusted it...
Living in a country flooded with cheap Chinese appliances, I am so very tempted to disassemble the [wife's] Mao Tse Tung iron and see if I can find a "tiny computer" that's responsible for the spam we receive.
On a more serious note, wouldn't these "tiny computers" be better suited for "industrial espionage"?
After all, almost every SMB has a kettle that could be in range of a live wireless access point?
Once you've found that some of he shipment of kettles contain a Gooseberry Qi spam machine weighing say 3 grammes, you can weigh 100 standard-manufactured kettles and tell which ones weight 3 grammes more. You can even weigh them in tens and without taking them out of the carton. Martin Gardner used to explain this sort of thing in a column in Scientific American.
Then again, I'm sceptical too. Is there really enough unsecured wi-fi around that they can do that?
" Is there really enough unsecured wi-fi around that they can do that?"
I've just checked and the completely unsecured wifi's hereabouts seem to have gone quiet. However the ones that are visible use the vendor's default name and are openly broadcasting. What's the betting they are also using the default login and password? 'Unsecured' covers a multitude of sins.
Our wifi does not broadcast, uses MAC address filtering and the default settings have been changed.
I'm not naive enough to think that gives us cast iron protection, any more than the locks on the front door will keep out anyone really determined.
Typically, the Russians ban the import of allegedly inferior products from countries they are trying to lean on.
Presumably the Chinese iron and kettle manufacturer ran foul of someone in the Russian import chain.
The chances are the device shown, if not planted by the accusers, is simply a part of the iron's control circuitry.
If you think about it, an iron or kettle is not the ideal place to hide components affected by heat, humidity and physical shock. And it's an awful lot of trouble to go to to distribute spam compared with using the internet.
If you live in India they are about £6 -- Can't find a UK supplier, but they are probably in a local Asian-owned cash and carry or maybe tv shopping channel.
I still think that this article should have been in Bootnotes rather than Security.
Just how sensitive is the weighing machine at the self-service checkout?
Having said that - I'd expect electrical goods to be security tagged. I suppose you could still use the self service whatsit though.
Anyway, thus they'd be weighed and the discrepancy detected - or not. I think most shops would just curse the self service thing manufacturer and pass it.
This post has been deleted by its author
Can't believe nobody's commented on this, but nobody would use a linear powersupply anyway! Switchmode could be made small enough, but geesh, when you're not worried about efficiency or isolation and have a nice place to dump all the heat anyway, a simple capacitive dropper would work much better and more importantly, cheaper
A genuine question, wouldn't the amount of power a kettle or iron needs/uses cause enough interference to adversely affect wireless transmission? Not to mention the heat they create.
I assume these won't be state of the art components or the appliances of particularly high quality construction.
This post has been deleted by its author
It does but I bet it has got a few people asking could it be done and is there any good use for it?
It wouldn't surprise me if those discovering the idea weren't the ones hoping to develop the idea further. I imagine a few here would be willing to crowd-fund such an insert. I would.
It doesn't have to be only for nefarious purposes. Ignoring the creation of spam farms, having distributed computing power everywhere which people can call upon seems a decent enough dream. Maybe MK could fit one inside every mains plug?
There are already Wi-Fi enabled SD cards so it's easily possible at a small size. The main downside is cost but that drops with economy of scale. Pump out a few billion and we could see costs fall significantly.
Gaining access through Wi-Fi isn't too hard either; there's probably an open router nearby and BT have conveniently put FON access in their phone boxes. There's a good chance such a module can find a link to the outside world and, as noted, that becomes easier with router back doors and smart meters.
My coffee pot has a digital timer in it, and that control for the iron doesn't look out of place. However, we are coming into the "everything is connected everywhere" age, so I wouldn't doubt for a moment that a coffee pot or an iron could have WiFi communications in it. It would need to communicate with the electric meter somehow, to let the utility know about what you were doing to need that power.
Isn't surveillance just grand? Never mind your emails, they can snoop on your coffee and ironing.
"Pretty obvious from that picture that the device isn't going to do what it's claimed to do. The minimum size would be like around the mini pcie wifi cards + some extra gubbins for processing + extra for dealing with the power."
Minimum size would be a single chip -- it's easy to put wifi and ARM onto a single die. The power circuitry to supply well under 1 watt is also small too (I doubt they put it on-die).
Or maybe the competitors of the named brand shoved a few boards in the competitors products then sold them to retailers, only to buy them again and get the story in the news. I would say this would be more likely!
Not that you couldnt put a cheap small allwinner chipset based system with wifi in an appliance.....
Irons regularly contain a small microcontroller in them these days with a tip sensor, as part of the safety design. It's there to keep you from pulling a 'Lucy' if you leave it sitting for too long. Low end uC's like tinyAVR and the smaller PICs are common, usually with OTP memory.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
