Slashdot Mirror

← Back to Stories (view on slashdot.org)

All Your Coffee Are Belong To Us

Posted by kdawson on from the pouring-over-it dept.

Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?"

45 of 354 comments (clear)

  1. Bah! by BWJones · · Score: 5, Funny

    Bah! Get your coffee and an old school French press to brew the tastiest coffee. Put your hacking efforts into the roasting, selection and cultivation of your beans and leave the time and resource wasting, lame Windows controlled coffee makers to the junk heap of history.

    --
    Visit Jonesblog and say hello.
    1. Re:Bah! by Anonymous Coward · · Score: 5, Funny

      Keep up with time mate, it's called a Freedom Press

    2. Re:Bah! by Joebert · · Score: 4, Funny

      I wave my private parts in your French press's general direction.

      You know that feeling you get when you know you should tell someone they're about to do something really painfull, but you don't want to say anything because you haven't had a good laugh all week ?
      --
      Wanna fight ? Bend over, stick your head up your ass, and fight for air.
    3. Re:Bah! by SMS_Design · · Score: 5, Informative

      I believe they're referring to a Moka pot, actually.

    4. Re:Bah! by LizardKing · · Score: 4, Informative

      You're not supposed to keep them clinically clean. As any Italian will tell you, only wash a cafitiere with warm water - no washing up liquid or other kind of detergent. Not only will this increase the life of the rubber sealing ring, it improves the taste over time as the jug becomes coated with a coffee residue (even the Wikipedia article mentions this). As for burning the coffee, what are you using to heat the thing, a flamethrower? As the water reservoir heats, steam is passed through the ground coffee, meaning it can't burn unless you're heating the sides of the cafetiere.

    5. Re:Bah! by 1karmik1 · · Score: 5, Informative

      I'm italian, Coffee for us is either Moka or Espresso. At home, the best of the best is always moka. Even buying bar-grade espresso machines (the 3000$+ ones) isn't the same because with those machines (that makes an OUTSTANDING coffee) you had to make several hundreds coffee/day to remove the taste of brandnewness from them. A Moka can get to working order with few tens of runs. Every household in italy has a Moka. It's cheap and it makes a great coffee. (I wouldn't call Espresso tho, Espresso is even less water/even more coffee. Moka is something in between Espresso and $EVERYOTHERPARTOFTHEWORLD-coffee but more on the Espresso side (it's still a lot lot lot less water than any other coffee.). If you happen to stop by italy buy a Bialetti one, you won't regret it (we're talking 20$ here, nothing anyone could go bankrupt with.). Even more useful if you got a coffee grinder or a shop that sells moka-grinded coffee, since the grains are a little different from american-coffee ones (not sure which one is bigger. Moka ones are definitely bigger than espresso, which are the smallest.)

      --
      Violence is the last refuge of the incompetent.
    6. Re:Bah! by cayenne8 · · Score: 4, Funny
      "If you have a party where everyone needs coffee, even having a couple of them won't be enough..."

      Hmm...I don't think I've ever been to a party where coffee was an issue...??

      Usually we're concerned on not running out of beer, wine or liquor...

      "Hey Phil, the Tigers are about to score again, can ya toss me a nice hot latte without too much foam?? Your out? WTF? Ok...I'm outta here, lets to to the local Starbucks, where they know how to treat a sports crowd!!"

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  2. Java? by Arakageeta · · Score: 5, Funny

    I wonder how well it runs Java...

    1. Re:Java? by ozmanjusri · · Score: 4, Funny

      Maybe if it was running WinCE.

      --
      "I've got more toys than Teruhisa Kitahara."
    2. Re:Java? by lanswitch · · Score: 5, Funny

      I'm only interested if it can do Cocoa as well.

  3. Sex? by pembo13 · · Score: 5, Funny

    Sorry, that's the first thing that came to mind on the question of what more could a hacker want.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:Sex? by jd · · Score: 5, Funny

      I assume the question is limited to things within the realms of reality, rather than science-fiction (the only known environment where geeks get laid). Of course, a totally evil hacker might upload a suitable hot coffee mod.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Setting the scene by BWJones · · Score: 5, Funny

    I mean come on now... what good can an Internet connected coffee maker really do? No security conscious office will ever want a Windows enabled appliance around. Just imagine the scene:

    Special Agent Wilkins: How the Hell did they get in?

    Special Agent Thompson: Sir..... I... uh, think they got in through the coffee maker.

    Special Agent Wilkins: The What?

    Special Agent Thompson: Sir, the coffee maker that we got you for your birthday... the one that you wanted to be able to brew up a cup o joe from your office?

    Special Agent Wilkins: Oh fsck me....

    --
    Visit Jonesblog and say hello.
    1. Re:Setting the scene by jd · · Score: 4, Informative

      This is what happens when coffee pots go on the Internet, albeit in a different way. A similar effect was probably intended, though.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  5. What more could a hacker want? by katterjohn · · Score: 4, Funny

    How about the coffee?

    1. Re:What more could a hacker want? by jd · · Score: 4, Funny

      Hmmmmm. I wonder what would happen if someone totally evil patched the code so you had to win at minesweeper to get the coffee?

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:What more could a hacker want? by WWWWolf · · Score: 5, Funny

      How about the coffee?

      Ah, the cleverness of the hack in question is not that they can make the coffee maker to produce coffee, no. The evil hax0rs really want the coffee.

      Employee 1: "This has to be the most ridiculous work order I've ever received."
      Employee 2: "What is it?"
      E1: "At precisely 12:02, I'm supposed to take the cup from the coffee percolator and deliver it to this address a few blocks away."
      E2: "What? Are you kidding?"
      E1: "No, it's on our company letterhead. Signed by the CEO. 'Deliver this cup of coffee to our IT subcontractor. This may sound like an unusual order, but millions are at stake here.'"
      E2: "Well, I wonder what those primadonnas come up with next time?"

  6. EVERYBODY PANIC! by rossz · · Score: 4, Funny

    Screw the company web server. Screw the sql database server. They've hacked the coffee machine! AHHHHHHHHH!!!!!!

    --
    -- Will program for bandwidth
  7. Re:hmmm by Anonymous Coward · · Score: 5, Funny

    Yeahhhhhh, i'm gonna have to go ahead & ... disagree with you there, yeahhh. I'm not sure hacking Lumberg's coffee maker is going to have any affect on him, yeahhh, you see, Lumberg doesn't sleep as he is up all night continually drinking from his perpetually-full mug, even as he bangs your girlfriend.

    btw, I'm gonna have to ask you to go ahead and come in on Sunday, too... :-P

  8. HTCPCP by Anonymous Coward · · Score: 5, Funny

    So, does this device conform to the HTCPCP (Hyper Text Coffee Pot Control Protocol) [http://www.faqs.org/rfcs/rfc2324.html] ?

    1. Re:HTCPCP by Pikoro · · Score: 4, Funny

      "Coffee pots heat water using electronic mechanisms, so there is no fire. Thus, no firewalls are necessary, and firewall control policy is irrelevant."

      That is the essence of the problem.

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
  9. Not a constantly-connected device by aaronbeekay · · Score: 5, Informative

    As far as I can tell, the coffeemaker *doesn't* run Windows-- the exploit is in the "connection kit", which is software that runs on a PC, which plugs into the coffeemaker, which lets coffee-people fix your coffeemaker from afar.

    So this wouldn't have much in the way of applicability unless you knew someone with this particular $2000 coffeemaker, which was already experiencing problems, who had purchased the $100+ coffeemaker diagnostic kit and had the coffeemaker plugged in, through the diagnostic kit, to their PC at the time.

    Seems like there are better ways to get into Windows.

  10. Re:Weaken them by jamesh · · Score: 5, Funny

    NO one can survive without caffeine!

    I can. I can stop caffeine any time I want to.
  11. At least it was a Coffee Maker... by patio11 · · Score: 5, Insightful

    ... and not, oh, an integrated diabetes management system, pill dispenser, etc...

    --
    Help poke pirates in the eyepatch, arr.
  12. classic example of why... by timmarhy · · Score: 5, Insightful

    ... not everything needs an internet connection

    --
    If you mod me down, I will become more powerful than you can imagine....
  13. That's why they call it a firewall. by Chris+Snook · · Score: 4, Funny

    If you let the whole world control your heating elements, bad things happen. When was the last time you saw an Itanium box with a public IP?

    --
    There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
  14. What's for breakfast? by fyoder · · Score: 5, Funny

    Once the coffee maker is compromised and turned into a rogue email server, breakfast choices will be coffee and spam, coffee egg and spam; coffee egg bacon and spam; coffee egg bacon sausage and spam; coffee spam bacon sausage and spam; coffee spam egg spam spam bacon and spam; coffee spam sausage spam spam bacon spam tomato and spam....

    Vikings: Spam spam spam spam...

    --
    Loose lips lose spit.
  15. Don't people learn by Xarin · · Score: 5, Funny

    Don't people ever learn. If you don't install a firewall, anti-virus protection, and anti-spyware software on your coffee maker, you deserve to be hacked. My coffee maker runs Linux and has never been hacked.

  16. Re:First post? by Anonymous Coward · · Score: 5, Funny

    Have the RIAA sent it a DMCA takedown notice for sharing files yet?

    PC LOAD COFFEE

  17. Tea by ozbird · · Score: 5, Funny

    Whatever you do, don't ask it for a cup of tea while it's connected to the Internet. "Share and enjoy."

  18. Coffee by dunezone · · Score: 5, Funny

    I, for one, welcome our new coffee brewing overlords.

  19. Did you hear the ones about... by pandrijeczko · · Score: 5, Funny
    Did you hear the one about the Microsoft coffee maker?

    It makes tea then convinces you that you only ever wanted a tea.

    Did you hear the one about the Apple coffee maker?

    It does an amazing Mocha Frappucino with whipped cream, caramel sauce and a chocolate flake in the top but doesn't know how to make a plain black coffee.

    Did you hear the one about the Linux coffee maker?

    v0.1 made a good plain coffee but it took a while doing it, v1.0 makes good plain coffee but there's a patch that allows it to make better tea than the Microsoft coffee maker and v2.0 gives you a cup of plain coffee, a cup of whipped cream, a cup of caramel sauce, a chocolate flake in a wrapper and tells you to make the coffee how you want but for a much lower price than the Apple one.

    Did you hear the one about the Vista coffee maker?

    Nope, neither did I but then who gives a shit.

    --
    Gentoo Linux - another day, another USE flag.
    1. Re:Did you hear the ones about... by mrogers · · Score: 5, Funny

      Did you hear the one about the OpenBSD coffee maker?

      Theo De Raadt makes a perfect cup of espresso and then throws it over your shirt.

  20. What more could a hacker want? by CoolGopher · · Score: 4, Funny

    An Internet-enabled, remote-controlled coffee-machine and XP backdoor -- what more could a hacker ask for?

    Access to the coffee his new bot brews?

  21. Re:Weaken them by algerath · · Score: 4, Funny

    You know the first step in getting help is admitting that you have a problem.

  22. A culture of helplessness by jandersen · · Score: 4, Insightful

    This is probably going to be simply ignored, as it is just one of my pet peeves; but as it is one of my pet peeves, I will proceed none the less. Consequently, this is my Message To The World:

    What's the bloody sense in making a thing like this - let alone owning one? It is not exactly demanding, making you own coffee: put ground coffee beans in your favourite cafetiere/filter/mysterious glass thing with a spirit burner, add water, possibly hot. Wait for the magic to unfold right before your very eyes. Pour and drink. If you want to go all out, you grind your own coffee beans.

    Recently I've seen more and more of these pointless gadgets where you insert a little foil capsule into a complicated piece of equipment and out comes a mediocre cup of coffee that has cost probably 10 times as much as a good cup of hand-made coffee; and you will have left a huge, reeking carbon footprint in the process. Plus, after a while you will have convinced yourself that you could never go back to doing it the old way - in other words, you have become dependent on a silly gadget, a little bit more helpless.

    I suppose that is exactly where the industry wants us: unable to cook our own food, so we have to rely on ready made crap, unable to perform even the simplest of everyday tasks, because we rely on household machinery. Why do people fall for it? We honestly don't need most of these things unless we suffer from a physical disability; and they don't actually save us any meaningful time - by which I mean time we then spend on doing things that are worth doing rather than sit down to watch tv or play computer games.

  23. Check with the Internet Engineering Task Force by JakartaDean · · Score: 5, Interesting
    Well, I hope someone is checking whether this thing is truly RFC 2324 compliant.

    http://tools.ietf.org/html/rfc2324

    --
    The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
  24. Mornings for me... by ockegheim · · Score: 4, Funny

    ...involve coffee and a hacking cough, so maybe it would suit me.

    Reminds me of the toaster in Red Dwarf.

    My coffee machine was designed in the 1950s, and makes brilliant coffee if you put enough love in.

    --
    I’m old enough to remember 16K of memory being described as “whopping”
  25. Re:Weaken them by Upphew · · Score: 4, Funny

    But if I don't have a problem, then I don't need help, so why should I admit anything?

  26. It could actually be dangerous... by ewrong · · Score: 5, Funny

    1: Hack your competitiors coffee machine.
    2: Set it to only serve decaff.
    3: Sit back and watch their productivity go through the floor.

  27. I wonder by Etrigoth · · Score: 5, Funny

    Is this technically a Java exploit ?

    *sorry*

    --
    When we remember we are all mad, the mysteries disappear and life stands explained.
  28. but of course by nimbius · · Score: 5, Funny

    just another entry in a long list of devices that, while harmless otherwise, now have the ability to injure you once integrated with Microsoft Windows.

    --
    Good people go to bed earlier.
  29. Re:First post? by Zeinfeld · · Score: 5, Informative
    I have been predicting this one for a while, I wrote in the manifesto that nobody is going to want home automation if it means having to worry if Mr Coffee has been recruited into a botnet.

    The solution I proposed there was that a coffee pot does not get a full Internet connection. Instead of the default being full access we switch to default deny. It only gets to connect to the local net at all after authentication. And it only gets access that is appropriate to its function and consistent with site policy. Obviously the typical consumer is not going to be writing security policies so this process is going to have to be automated which is where a small amount of Semantic Web technology comes in.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  30. Re:First post? by CastrTroy · · Score: 5, Funny

    PC LOAD COFFEE? WTF does that mean?

    Here's some extra text to get past the caps filter.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  31. Re:First post? by funaho · · Score: 5, Funny

    A simpler solution is, when putting your coffee maker on the Internet, to make sure JavaScript is turned off.

    Yes, I made a horrible pun. :)