The worst part of waking up could be the Chinese peeking into your coffee cup.
American researcher Christopher Balding said he has uncovered evidence that China is hoovering up data collected through smart coffee machines that are made in the communist country and shipped to the United States.
Mr. Balding’s report at New Kite Data Labs said the problems with Internet-connected coffee machines are part of a broader data collection effort targeting Internet-of-Things (IoT) devices that have data policies. unclear and low security.
IoT devices include a variety of home appliances, from robotic vacuum cleaners to thermostats that use machine learning to keep people comfortable in the heat of summer.
“China is really collecting data on anything and everything,” Balding said. “As the world’s manufacturing hub, they can put this capability into all kinds of devices that are coming out all over the world.”
Mr. Balding identified the problematic coffee machines as products made by Kalerm, which is located in Jiangsu, China. The machines collect product information, payment data and customer information that includes location and time data, according to the New Kite Data Labs report.
Collectively, this data provides information about a user’s name, relative location, and usage patterns. The data may include financial information, such as payment type and routing information typically used by machines in business settings.
For example, a coffee machine at a hotel breakfast buffet may collect payments from individuals in contrast to the company’s home-use coffee machines.
Mr. Balding said his research firm is not saying how it got the information because he doesn’t want China to stop him from learning more about its data collection inside the communist country.
The New Kite Data Labs report made it clear that the data collection it observed occurred on consumers based in China, though it noted that the products are widely sold in the US and Europe and the distribution makes it likely that the same data taken from machines in China are taken from machines in America.
“While we cannot say that this company is collecting data on non-Chinese users, all evidence indicates that its machines can and do collect data on users outside of mainland China and store the data in China,” the report says. “The data is collected at the point of operation of the software integrated in the coffee maker.”
New Kite Data Labs did not disclose evidence showing that the Chinese government is using data collected by Kalerm.
However, China’s military-civilian merger policies force corporations to cooperate with the communist government, which means data stored in China is exposed to the government.
Kalerm did not respond to requests for comment.
Smart coffee machines aren’t the only vulnerable Internet-connected devices that put Americans at risk of collecting hidden data. Other Internet of Things devices may connect to smartphones or have built-in cameras and microphones to detect and respond to voice commands, making more data available for a manufacturer to collect.
For example, some robotic vacuum cleaners use microphones to respond to user commands, and vacuum cleaners can be controlled by apps accessible on a variety of devices through the Apple and Google app stores.
Last year, cybersecurity firm Mandiant said it discovered a vulnerability in baby monitors and video doorbells using ThroughTek’s Kalay network, which would give hackers the potential to access live video and audio.
ThroughTek said at the time that it had notified customers of the flaw and told them how to address it.
The Cybersecurity and Infrastructure Security Agency published an alert about the flaw last August, and a cyber official said then that the vulnerability resided in a software development kit designed to encrypt data that is transferred from one point to another and used a lot on IoT devices.
China is not the only nation interested in the data produced by IoT devices around the world.
Former National Security Agency contractor Edward Snowden raised concerns about having a blender to make smoothies after fleeing the US for Russia.
Snowden, who disclosed private details of NSA global surveillance in 2013, was concerned that the blender’s electronic signature could reveal his location to the US government and others, according to author Barton Gellman’s 2020 book, “DarkMirror”.
Mr. Balding has pointed out that China operates from a different position of collecting all the data it can and determining how to use it later.
“Most countries of any significant size probably have an interest in devices like this, make no mistake about it,” Balding said. “I think what is unique about China is the breadth and depth of its data collection efforts.”