MILAN – China may be using may be using Internet of Things (IoT) software inside smart coffee makers to spy on the owners of the devices. American researcher Christopher Balding claims he found evidence that China is collecting data through smart coffee machines made in that country, The Washington Times reported.
Balding’s report at New Kite Data Labs said internet-connected coffee machines are part of a broader data-collection effort aimed at the “internet of things” devices with low security and unclear data policies.
Smart coffee machines are not the only vulnerable internet-connected devices placing hidden data at risk. Some robotic vacuums use microphones to respond to users’ commands. The vacuums can be controlled with apps available through Apple and Google app stores.
Balding released a special report on Kalerm coffee machines manufactured in Jiangsu, China.
“China is already collecting data on anything and everything,” Balding told the Washington Times. “As a manufacturing center in the world, they can put that capability into all kinds of devices spread all over the world.”
“Chinese data collection, both domestically and abroad, is not limited to purely high value, sensitive directly actionable information but on broad pattern collection information data as well,” reads the report.
“We present data from a Chinese coffee machine manufacturer producing smart machines that collects data on a variety of subjects including drink production, location, payment information, and other data. The broad collection of data through devices with low levels of security and unclear data storage policies should raise concerns.
The data includes records of coffee sales transactions including the type of machine used, the time of service, the type of beverage served, payment method used, and a variety of other information,” explains the report.
“It is unclear whether this information was input by the customer to manage their machines, by the distributor or manufacturer to assist in remote diagnostics of malfunctions.
Though all reviewed data comes from China based machines, this company is known to sell models widely throughout the United States, Europe, and other non-Chinese markets primarily through third party distributors.
While we cannot say this company is collecting data on non-Chinese users, all evidence indicates their coffee machines can and do collect data on users outside of Mainland China and store the data in China. The data is collected at the point of operation from software embedded in the coffee maker.”
“As the proliferation of IOT devices by consumers and businesses continues, the scope of data privacy concerns expands. The data obtained by New Kite Data Labs, and the case presented here illustrates how even mundane IOT device generated data and collected by a private firm can pose privacy concerns regardless of a product manufacturer country of origin,” concludes the report.
China’s policies of military-civil fusion mandate corporations to cooperate with the communist government. That means data stored in China is exposed to the government.
“Most countries of any significant size probably have interest in devices like this — make zero mistake about that,” Balding said.
“I think the thing that is unique about China is the breadth and depth of their data-collection efforts.”