[foldor]

Hard disagree. That "smart IoT coffee maker" stores your wifi details, including the password so it can reconnect. I appreciate the level of sophistication and effort required for someone to be able to abuse that is beyond the realm of likelihood, it's not unreasonable to believe that there may be higher value targets (like journalists) who are being targeted where this is a reasonable method for dedicated attackers to use to gain access to a targets home network. Better to just secure these things by default.

[crispyambulance]

It really depends on the situation. For a mature, mass-produced product going into sensitive places, sure, disable it before it goes into the field. Same for very security-focused hardware.

But most of the "pizza-box-shaped" things I've worked on in telecom have jtag enabled even when in the field. I've never thought about it much, but to actually get to a jtag interface requires a level of physical access that would be far-fetched unless you're talking about "James-Bond-level" bad actors or "inside-job" people who are already entrusted with an enormous amount of privileges anyway.

JTAG is super useful for troubleshooting and in general, for things that aren't throw aways and that can be repaired, re-calibrated, or re-configured, it makes sense to keep it available.

[londons_explore]

If your attack vector is bad guys with physical access to the circuit board, disabling JTAG will only be a minor speedbump to them.

The vast majority of microcontrollers aren't hardened against physical attack - especially not anything with wifi capability.

"disable jtag" is intended to make it harder to make modchips (ie. bypass the coffee subscription), but doesn't help against someone willing to do a one-off glitching attack or similar to dump secrets.

[OJFord]

You're worried about someone with physical access and time to dump info from a JTAG header gaining the WiFi password?

[bongodongobob]

Target throws out coffee maker. Threat actor goes through trash. They don't have to break into the building to get it.

[buildbot]

If someone is targeting you that precisely they are sorting through your trash for a coffee maker, then I would posit you are already in deep trouble and they'd likely do something easier like wait for you to leave and insert physical access into your network then...

[tverbeure]

The $5 password circumvention device comes to mind. https://xkcd.com/538/

[buildbot]

Exactly! Sniffing passwords out of coffee makers is hard to scale. Lots of tech needed/knowledge. Wrenchs scale linearly with people given wrenchs, and typically one does not need training to apply brute force with wrench. You may be able to save on labor even as other primates can use the wrenchs better and with more force than humans.

[jon-wood]

Most offices are going to notice if someone abducts the IT manager and beats the wifi password out of them. They're probably not going to notice that someone took away the trash they threw out.

[theoreticalmal]

Who’s your wrench guy? You’re wayyy overpaying

[OJFord]

And you propose what instead, that the target verifies their coffee maker manufacturers disable the JTAG interface on production units so that they can throw it away without worrying about this?

Seems like the wrong solution to an already absurd/niche threat model.

[bongodongobob]

I'd propose not buying wifi coffee makers if you're worried about security.

[OJFord]

Yeah ok exactly? So why care about JTAG enabled?

[bongodongobob]

I commented on the fact that you don't need to break in to get the coffee maker. Stop trying to pick a fight.

[numpad0]

That's why lots of companies crush perfectly good Surfaces and 2242 SSDs when recycling.

[yjftsjthsd-h]

The irony, of course, being that those can generally be properly wiped to safely resell. Or, if it matters, the thing should have been using full disk encryption so it's irrelevant.

[beeboobaa3]

People are allowed to throw out a piece of paper with their wifi password written on it as well.

[y04nn]

A plausible scenario I can think of would be in an office space, a shared smart coffee machine that would be stolen to gain WIFI access.

[theamk]

Surely the shared coffee machine would be on a guest network with no access to internal resources?

Having separate "guest wifi" is a great idea and provides much better security than trying to ensure none of your IoT devices expose your password.

[numpad0]

One of items often missing from discussions on security on the Internet is that the first step of security is physical security. Phrases like "once they have it it's over", "DRM is not security" are not just mantras, it's reflecting that.

To secure a thing, you are supposed to literally secure the thing, as in, placing the equipment away from walls, bolted down to the floor, chassis locked and rigged for self destruction, perimeters patrolled and monitored by armed guards.

Software security is additional parts that build on top of that physical security. Hardware root of trust, Secure Boot, code signing, all helps, but physical security has to come first.

If you're throwing out the coffee maker not securely erased(military guys call it zeroizing - cool), or not maintaining custody of it by either keeping it to yourself or having dogs and your grandsons taking part watching it at all times, then the coffee maker is technically not secure, by any of those alone.

[fullspectrumdev]

If someone’s breaking into my house and disassembling my IoT coffee machine to hook up some JTAG cables I have bigger problems than someone getting my WiFi password - such as the fact the pricks in my house.

[boznz]

Lots of vectors don't even require JTAG. Coffee maker type devices are likely to be just a $1 a microcontroller with inbuilt flash which you can fuse when programming to prevent reading but is rarely done in small production runs.

flash for microcontrollers such as ESP, Rpi pico etc is usually saved on an 8-pin flash chip which most people forget about and is easy to unsolder and pop into a reader. bigger devices using bootloaders sometimes store a whole FAT32 filesystem in one of these, you can even unsolder most flash and re-mount it with a little skill and suitable hardware.

I once read an AWS private key stored in plain text from an IOT board once. Go figure!

[ronsor]

If your concern is attackers breaking into your home, opening your coffee maker, and dumping credentials over JTAG, I think your threat model might need serious revisions.

[ProllyInfamous]

Just out of curiosity, what coffee-making function would possess somebody enough to connect their coffeemaker to the internet?

My new water heater came with WiFi, and I just cannot understand why my tank needs-do anything more than just heat water..?

[sunshinesnacks]

For the coffee maker, maybe being able to set a schedule to brew in the morning.

For a water heater, participating in a utility program where they modify your temperature sweeping in exchange for a reduced rate or similar incentive.

Those are the first reasons I can think of.

[Dowwie]

What vendor and model water heater did you get? Useful smart features are of the variety that the manufacturer would never enable off the shelf, such as monitoring magnesium anode deterioration so that it could notify a user when it is time to replace the anode. It's against the interests of the manufacturer because replacing the anode extends the life of the heater.

[ProllyInfamous]

It's a Rheem hybrid 50gal.

Lots of interesting suggestions/applications in response to my initial comment. My local electric utility has a smart grid, but offers me as a consumer none of the so-far-listed reasons to connect to WiFi for electricity savings (e.g. no time of use metering)... but it would be cool if the anode deterioration could be monitored [I'll check the manual].

[Larrikin]

There is an entire operating system and a massive amount of functionality in your home that can be unlocked when devices have features like that. It's one of most active projects on GitHub and there's a huge community that knows the value.

The only downside is companies trying to scoop up that data for their own purposes and when companies disable perfectly working products because they claim the servers are too expensive. The Home Assistant community makes a big point of recommending products that guard against issues like that.

https://www.home-assistant.io/

[margalabargala]

Adding to the other reasons listed here:

Some people have solar installations, but do not have 1-to-1 net metering from their power company. For these people, having a connected hot water heater allows them to use their own solar power for heating water when they can, lowering their power bill.

Essentially any high-consumption electrical device can similarly benefit, especially ones that store energy such as hot water heaters and electric car chargers.

[beeboobaa3]

Yikes. You think people shouldn't be allowed to know their own wifi credentials?

Or do you think that physical access does not mean you own the device?