American technology researchers say they've determined a Chinese company is collecting data on the users of its smart coffee machines. “The data is collected at the point of operation from software embedded in the coffee maker,” North Carolina-based New Kite Data Labs says in a new report.
"We present data from a Chinese coffee machine manufacturer producing smart machines that collects data on a variety of subjects including drink production, location, payment information, and other data," the four-page report says. "The broad collection of data through devices with low levels of security and unclear data storage policies should raise concerns."
Though the company isn't named in the report, founder Christopher Balding told the Washington Times it's Kalerm, a company headquartered in Jiangsu. The company sells both commercial and personal coffee machines on four continents—including North America and Europe—both under its own brand and in white label arrangements with other sellers.
Collected data includes records of coffee sales transactions including the location, name of the registered owner, type of machine used, the time of service, the type of beverage served, payment method used on commercial machines, and various other types of data.
“China is really collecting data on really just anything and everything,” Mr. Balding told the Washington Times. “As a manufacturing hub of the world, they can put this capability in all kinds of devices that go out all over the world.”
Thus far, Balding has only determined that Kalerm has collected data from Chinese customers. However, he thinks it's safe to assume the company is extracting the same data in the United States, Europe and elsewhere: “While we cannot say this company is collecting data on non-Chinese users, all evidence indicates their machines can and do collect data on users outside of mainland China and store the data in China."
As Ryan Lovelace notes at the Washington Times, NSA whistleblower Edward Snowden once expressed his wariness of a smart kitchen blender, since it could reveal his location to the U.S. government.
The Chinese coffee machine case "provides evidence as to the scale of the data privacy issues as more [Internet Of Things] IOT devices are adopted by consumers and businesses," says New Kite Data Labs. "IOT devices are widely known to suffer from widespread security shortcomings that are not generally covered by security patches."