All Your Coffee Are Belong To Us
Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?"
Bullshit, those machines are secure as a mainframe.
Bah! Get your coffee and an old school French press to brew the tastiest coffee. Put your hacking efforts into the roasting, selection and cultivation of your beans and leave the time and resource wasting, lame Windows controlled coffee makers to the junk heap of history.
Visit Jonesblog and say hello.
I wonder how well it runs Java...
Sorry, that's the first thing that came to mind on the question of what more could a hacker want.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
I mean come on now... what good can an Internet connected coffee maker really do? No security conscious office will ever want a Windows enabled appliance around. Just imagine the scene:
Special Agent Wilkins: How the Hell did they get in?
Special Agent Thompson: Sir..... I... uh, think they got in through the coffee maker.
Special Agent Wilkins: The What?
Special Agent Thompson: Sir, the coffee maker that we got you for your birthday... the one that you wanted to be able to brew up a cup o joe from your office?
Special Agent Wilkins: Oh fsck me....
Visit Jonesblog and say hello.
Now I'm seriously concerned about a coffee trojan vulnerability.
I would hate to find out that my coffee had been maliciously replaced with decaf.
Of course I didn't RTFA... why would I do that? You really are new here aren't you? Don't let my UID fool you.
How about the coffee?
Screw the company web server. Screw the sql database server. They've hacked the coffee machine! AHHHHHHHHH!!!!!!
-- Will program for bandwidth
Yeahhhhhh, i'm gonna have to go ahead & ... disagree with you there, yeahhh. I'm not sure hacking Lumberg's coffee maker is going to have any affect on him, yeahhh, you see, Lumberg doesn't sleep as he is up all night continually drinking from his perpetually-full mug, even as he bangs your girlfriend.
:-P
btw, I'm gonna have to ask you to go ahead and come in on Sunday, too...
So, does this device conform to the HTCPCP (Hyper Text Coffee Pot Control Protocol) [http://www.faqs.org/rfcs/rfc2324.html] ?
I can. I can stop caffeine any time I want to.
If you let the whole world control your heating elements, bad things happen. When was the last time you saw an Itanium box with a public IP?
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
Once the coffee maker is compromised and turned into a rogue email server, breakfast choices will be coffee and spam, coffee egg and spam; coffee egg bacon and spam; coffee egg bacon sausage and spam; coffee spam bacon sausage and spam; coffee spam egg spam spam bacon and spam; coffee spam sausage spam spam bacon spam tomato and spam....
Vikings: Spam spam spam spam...
Loose lips lose spit.
Don't people ever learn. If you don't install a firewall, anti-virus protection, and anti-spyware software on your coffee maker, you deserve to be hacked. My coffee maker runs Linux and has never been hacked.
Whatever you do, don't ask it for a cup of tea while it's connected to the Internet. "Share and enjoy."
I, for one, welcome our new coffee brewing overlords.
It makes tea then convinces you that you only ever wanted a tea.
Did you hear the one about the Apple coffee maker?
It does an amazing Mocha Frappucino with whipped cream, caramel sauce and a chocolate flake in the top but doesn't know how to make a plain black coffee.
Did you hear the one about the Linux coffee maker?
v0.1 made a good plain coffee but it took a while doing it, v1.0 makes good plain coffee but there's a patch that allows it to make better tea than the Microsoft coffee maker and v2.0 gives you a cup of plain coffee, a cup of whipped cream, a cup of caramel sauce, a chocolate flake in a wrapper and tells you to make the coffee how you want but for a much lower price than the Apple one.
Did you hear the one about the Vista coffee maker?
Nope, neither did I but then who gives a shit.
Gentoo Linux - another day, another USE flag.
An Internet-enabled, remote-controlled coffee-machine and XP backdoor -- what more could a hacker ask for?
Access to the coffee his new bot brews?
You know the first step in getting help is admitting that you have a problem.
...involve coffee and a hacking cough, so maybe it would suit me.
Reminds me of the toaster in Red Dwarf.
My coffee machine was designed in the 1950s, and makes brilliant coffee if you put enough love in.
I’m old enough to remember 16K of memory being described as “whopping”
But if I don't have a problem, then I don't need help, so why should I admit anything?
1: Hack your competitiors coffee machine.
2: Set it to only serve decaff.
3: Sit back and watch their productivity go through the floor.
Is this technically a Java exploit ?
*sorry*
When we remember we are all mad, the mysteries disappear and life stands explained.
I was just going to mention that RFC 2324 considered this problem way back in 1998, in section 7 "Security Considerations":
just another entry in a long list of devices that, while harmless otherwise, now have the ability to injure you once integrated with Microsoft Windows.
Good people go to bed earlier.