Thinking about Pwning a Soda Machine.

A local Popeye's has one of those Coca-Cola Freestyle machines. It was a little unusual because it didn't have a touchscreen, instead you join their WiFi network, scan the QR code with your phone which sent you over to a website where are you made your selections which filled the cup. Found it interesting for a couple reasons, although smartphones are popular, I'm surprised that they've gained such ubiquity that they become the default way for a person to fill their drink. Also I'm surprised, that people would willingly be joining Popeye's internal Wi-Fi network in order to get their soda filled.  

It was interesting to see people young and old trying to dope about how to fill their cups.  The advantage of the freestyle machine with the touchscreen is that there was very little learning curve push your cup against the thing that said ice, put your cup under the spout, select the flavor you want and poof you had soda. No joining networks, no scanning barcodes, you need to little if any tech-support. Here they had to be an employee that stood there showing people how to use it and filling soda for people who didn't have phones or were technical neophytes. It's funny although QR codes seem simple, I've heard them referred to as the herpes of technology. I'm not sure that's exactly the case but I think that there are people who are intimidated by them and don't get exactly how they work.  When you consider that the customer facing soda machines were installed because it's cheaper to allow a customer to refill their soda several times than it is to pay an employee to fill sodas, we've taken a step backwards and I don't suspect it'll improve with user education.

As always I wonder how easily this could be abused. Imagine joining the Wi-Fi net work, sitting at the opposite end of the restaurant and just screwing with the machine. Causing the machine to run with no one in front of it so soda is spilling all over the floor, we're changing somebody's flavor as they're filling their cup.  Also, I presume like most other Internet of Things devices the webserver is running on the soda machine so I wonder about the potential exploits  and what one could do if they pwned a soda machine