All Your Coffee Are Belong To Us

Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?"

Not a constantly-connected device

[aaronbeekay]

As far as I can tell, the coffeemaker *doesn't* run Windows-- the exploit is in the "connection kit", which is software that runs on a PC, which plugs into the coffeemaker, which lets coffee-people fix your coffeemaker from afar.

So this wouldn't have much in the way of applicability unless you knew someone with this particular $2000 coffeemaker, which was already experiencing problems, who had purchased the $100+ coffeemaker diagnostic kit and had the coffeemaker plugged in, through the diagnostic kit, to their PC at the time.

Seems like there are better ways to get into Windows.

Re:Bah!

[SMS_Design]

I believe they're referring to a Moka pot, actually.

Re:Bah!

[1karmik1]

I'm italian, Coffee for us is either Moka or Espresso. At home, the best of the best is always moka. Even buying bar-grade espresso machines (the 3000$+ ones) isn't the same because with those machines (that makes an OUTSTANDING coffee) you had to make several hundreds coffee/day to remove the taste of brandnewness from them. A Moka can get to working order with few tens of runs. Every household in italy has a Moka. It's cheap and it makes a great coffee. (I wouldn't call Espresso tho, Espresso is even less water/even more coffee. Moka is something in between Espresso and $EVERYOTHERPARTOFTHEWORLD-coffee but more on the Espresso side (it's still a lot lot lot less water than any other coffee.). If you happen to stop by italy buy a Bialetti one, you won't regret it (we're talking 20$ here, nothing anyone could go bankrupt with.). Even more useful if you got a coffee grinder or a shop that sells moka-grinded coffee, since the grains are a little different from american-coffee ones (not sure which one is bigger. Moka ones are definitely bigger than espresso, which are the smallest.)

Re:First post?

[Zeinfeld]

I have been predicting this one for a while, I wrote in the manifesto that nobody is going to want home automation if it means having to worry if Mr Coffee has been recruited into a botnet.

The solution I proposed there was that a coffee pot does not get a full Internet connection. Instead of the default being full access we switch to default deny. It only gets to connect to the local net at all after authentication. And it only gets access that is appropriate to its function and consistent with site policy. Obviously the typical consumer is not going to be writing security policies so this process is going to have to be automated which is where a small amount of Semantic Web technology comes in.