Remix.run Logo
brookst 7 hours ago

I mean your coffee maker could be a one-off spy device with nation-state backing. But it seems unlikely.

skeeter2020 7 hours ago | parent | next [-]

if they can build an internet connected coffee maker with mic and camera for 60 bucks that's freakin' amazing!

mylifeandtimes 4 hours ago | parent | next [-]

$17.60 for the internet connected microphone and camera (see parts list below),

list of coffee machines for under ($60-$18):

https://www.google.com/search?q=coffee+machine+under+%2442

m5stack camera: $7.10 https://shop.m5stack.com/products/unit-cam-wi-fi-camera-ov26...

m5 stack microphone: $3.50 https://shop.m5stack.com/products/pdm-microphone-unit-spm142...

m5stack atom light S3 controller: $7.50 https://shop.m5stack.com/products/atom-lite-esp32-developmen...

misnome 7 hours ago | parent | prev | next [-]

I'm pretty sure they'd be happy to swallow the loss when building a one-off device to specifically target you.

blibble 7 hours ago | parent [-]

defeated by walking into a random shop and picking one off the shelf

rather than buying it from scamazon

appletrotter 5 hours ago | parent [-]

Undefeated when they break into your home

blibble 5 hours ago | parent [-]

at that point the coffee machine is sort of redundant

doubled112 7 hours ago | parent | prev [-]

Would it include a cell radio and SIM card? Or are they hoping for an open WiFi network in range?

alwa 5 hours ago | parent [-]

Radiate the signal out through its power cord, silly.

jlarocco 7 hours ago | parent | prev | next [-]

If Google thought it was okay to hide a microphone, I'm sure less scrutinized companies try to get away with worse. https://www.bbc.com/news/technology-47303077

soopypoos 6 hours ago | parent | prev | next [-]

he did say he was trained at the kremlin...

dylan604 7 hours ago | parent | prev [-]

phew, yet another reason it pays off to not be a coffee drinker.

Tempest1981 7 hours ago | parent [-]

:) I'm sticking with my Aeropress

Marsymars 4 hours ago | parent [-]

I'm sitting here drinking an Aeropress-made coffee as I type this, but thinking about how the kettle I used to boil the water is wifi-connected. (Although the smarts are limited to firmware updates, there's no control of the kettle or useful data collected from the kettle.)

ssl-3 2 hours ago | parent | next [-]

I understand why such a device might have firmware. For instance: The drip coffee maker in my kitchen also has firmware; it is used for things like operating the clock (which I've never set...), starting automatically at a pre-set time, and for turning the hot bits off after an hour or two. It's completely offline; these are just pre-programmed functions that will never change.

But I have some questions, if you've got a moment.

Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?

(And remember: Since the kettle has a radio and a network connection, data collection isn't necessarily limited to kettle operations. Deducing location is easy for a motivated party using wifi and/or bluetooth signals in populated areas where others are using wireless technologies; see, for example: https://www.qualcomm.com/internet-of-things/solutions/qualco... )

Marsymars an hour ago | parent [-]

> Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?

It's a Fellow EKG Pro kettle. They've got release notes here: https://help.fellowproducts.com/hc/en-us/articles/9593179929...

Notably, bug fixes to the same features that your drip coffee maker has (clock/scheduling stuff stuff), and the addition of new languages to the UI.

> What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?

I assume these are somewhat rhetorical questions where we both know the answers - I'm not harbouring illusions here - as with any internet-connected software you have to trust the vendor.

If it were up to me, I'd prefer a Z-Wave-connected kettle that received its firmware updates via Home Assistant... but fancy pour-over kettles are niche enough that a market for a Z-Wave one simply doesn't exist.

As-is, I've got enough trust in Fellow that I'm leaving my kettle connected for firmware updates. Of course, that may change.

ssl-3 30 minutes ago | parent [-]

That's a very nice-looking kettle. Having looked at it, I agree with you completely. It seems rather unlikely that it would turn into a manufacturer-supported attack vector.

We do have a different out-of-band/disconnected/not-wifi way of doing firmware things, and perhaps we should use it more than we do: Bluetooth. It's about as universal as it gets.

I mean: Imagine a Venn diagram, with two groups. One group represents people who update the firmware in their kettles. The other group represents people who have Bluetooth-capable pocket supercomputers.

The two groups overlap so neatly that the diagram is indistinguishable from a circle. :)

iamtedd 3 hours ago | parent | prev [-]

A kettle needs firmware updates?

Marsymars an hour ago | parent | next [-]

I'd say "has" firmware updates rather than "needs". You can see release notes: https://help.fellowproducts.com/hc/en-us/articles/9593179929...

dylan604 3 hours ago | parent | prev [-]

A kettle needs firmware?

Marsymars an hour ago | parent [-]

Some software features are actually quite nice on kettles! e.g. Mine has adjustable altitude calibration which simplifies things that are temperature-sensitive if you live somewhere with a boiling point notably below 100°: https://www.precisekettlepicks.blog/blog/buying-guides-by-us...