Slashdot Mirror


All Your Coffee Are Belong To Us

Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?"

30 of 354 comments

  1. Bah! by BWJones · · Score: 5, Funny

    Bah! Get your coffee and an old school French press to brew the tastiest coffee. Put your hacking efforts into the roasting, selection and cultivation of your beans and leave the time- and resource-wasting, lame Windows-controlled coffee makers to the junk heap of history.

    --
    Visit Jonesblog and say hello.
    1. Re:Bah! by Anonymous Coward · · Score: 5, Funny

      Keep up with time mate, it's called a Freedom Press

    2. Re:Bah! by SMS_Design · · Score: 5, Informative

      I believe they're referring to a Moka pot, actually.

    3. Re:Bah! by 1karmik1 · · Score: 5, Informative

      I'm Italian. Coffee for us is either Moka or Espresso. At home, the best of the best is always moka. Even buying bar-grade espresso machines (the 3000$+ ones) isn't the same because with those machines (that make an OUTSTANDING coffee) you had to make several hundred coffees/day to remove the taste of brandnewness from them. A Moka can get to working order with a few tens of runs. Every household in Italy has a Moka. It's cheap and it makes a great coffee. (I wouldn't call it Espresso tho, Espresso is even less water/even more coffee. Moka is something in between Espresso and $EVERYOTHERPARTOFTHEWORLD-coffee but more on the Espresso side; it's still a lot lot lot less water than any other coffee.) If you happen to stop by Italy buy a Bialetti one, you won't regret it (we're talking 20$ here, nothing anyone could go bankrupt with). Even more useful if you got a coffee grinder or a shop that sells moka-ground coffee, since the grains are a little different from American-coffee ones (not sure which one is bigger. Moka ones are definitely bigger than espresso, which are the smallest.)

      --
      Violence is the last refuge of the incompetent.
  2. Java? by Arakageeta · · Score: 5, Funny

    I wonder how well it runs Java...

    1. Re:Java? by lanswitch · · Score: 5, Funny

      I'm only interested if it can do Cocoa as well.

  3. Sex? by pembo13 · · Score: 5, Funny

    Sorry, that's the first thing that came to mind on the question of what more could a hacker want.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:Sex? by jd · · Score: 5, Funny

      I assume the question is limited to things within the realms of reality, rather than science-fiction (the only known environment where geeks get laid). Of course, a totally evil hacker might upload a suitable hot coffee mod.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Setting the scene by BWJones · · Score: 5, Funny

    I mean come on now... what good can an Internet-connected coffee maker really do? No security-conscious office will ever want a Windows-enabled appliance around. Just imagine the scene:

    Special Agent Wilkins: How the Hell did they get in?

    Special Agent Thompson: Sir..... I... uh, think they got in through the coffee maker.

    Special Agent Wilkins: The What?

    Special Agent Thompson: Sir, the coffee maker that we got you for your birthday... the one that you wanted to be able to brew up a cup o joe from your office?

    Special Agent Wilkins: Oh fsck me....

    --
    Visit Jonesblog and say hello.
  5. Re:hmmm by Anonymous Coward · · Score: 5, Funny

    Yeahhhhhh, I'm gonna have to go ahead & ... disagree with you there, yeahhh. I'm not sure hacking Lumberg's coffee maker is going to have any effect on him, yeahhh, you see, Lumberg doesn't sleep as he is up all night continually drinking from his perpetually-full mug, even as he bangs your girlfriend.

    btw, I'm gonna have to ask you to go ahead and come in on Sunday, too... :-P

  6. HTCPCP by Anonymous Coward · · Score: 5, Funny

    So, does this device conform to the HTCPCP (Hyper Text Coffee Pot Control Protocol) [http://www.faqs.org/rfcs/rfc2324.html]?

  7. Not a constantly-connected device by aaronbeekay · · Score: 5, Informative

    As far as I can tell, the coffeemaker *doesn't* run Windows-- the exploit is in the "connection kit", which is software that runs on a PC, which plugs into the coffeemaker, which lets coffee-people fix your coffeemaker from afar.

    So this wouldn't have much in the way of applicability unless you knew someone with this particular $2000 coffeemaker, which was already experiencing problems, who had purchased the $100+ coffeemaker diagnostic kit and had the coffeemaker plugged in, through the diagnostic kit, to their PC at the time.

    Seems like there are better ways to get into Windows.

  8. Re:Weaken them by jamesh · · Score: 5, Funny

    NO one can survive without caffeine!

    I can. I can stop caffeine any time I want to.

  9. At least it was a Coffee Maker... by patio11 · · Score: 5, Insightful

    ... and not, oh, an integrated diabetes management system, pill dispenser, etc...

  10. classic example of why... by timmarhy · · Score: 5, Insightful

    ... not everything needs an internet connection

    --
    If you mod me down, I will become more powerful than you can imagine....
  11. What's for breakfast? by fyoder · · Score: 5, Funny

    Once the coffee maker is compromised and turned into a rogue email server, breakfast choices will be coffee and spam, coffee egg and spam; coffee egg bacon and spam; coffee egg bacon sausage and spam; coffee spam bacon sausage and spam; coffee spam egg spam spam bacon and spam; coffee spam sausage spam spam bacon spam tomato and spam....

    Vikings: Spam spam spam spam...

    --
    Loose lips lose spit.
  12. Don't people learn by Xarin · · Score: 5, Funny

    Don't people ever learn? If you don't install a firewall, anti-virus protection, and anti-spyware software on your coffee maker, you deserve to be hacked. My coffee maker runs Linux and has never been hacked.

  13. Re:First post? by Anonymous Coward · · Score: 5, Funny

    Have the RIAA sent it a DMCA takedown notice for sharing files yet?

    PC LOAD COFFEE

  14. Tea by ozbird · · Score: 5, Funny

    Whatever you do, don't ask it for a cup of tea while it's connected to the Internet. "Share and enjoy."

  15. Coffee by dunezone · · Score: 5, Funny

    I, for one, welcome our new coffee brewing overlords.

  16. Did you hear the ones about... by pandrijeczko · · Score: 5, Funny

    Did you hear the one about the Microsoft coffee maker?

    It makes tea then convinces you that you only ever wanted a tea.

    Did you hear the one about the Apple coffee maker?

    It does an amazing Mocha Frappuccino with whipped cream, caramel sauce and a chocolate flake in the top but doesn't know how to make a plain black coffee.

    Did you hear the one about the Linux coffee maker?

    v0.1 made a good plain coffee but it took a while doing it, v1.0 makes good plain coffee but there's a patch that allows it to make better tea than the Microsoft coffee maker and v2.0 gives you a cup of plain coffee, a cup of whipped cream, a cup of caramel sauce, a chocolate flake in a wrapper and tells you to make the coffee how you want but for a much lower price than the Apple one.

    Did you hear the one about the Vista coffee maker?

    Nope, neither did I but then who gives a shit.

    --
    Gentoo Linux - another day, another USE flag.
    1. Re:Did you hear the ones about... by mrogers · · Score: 5, Funny

      Did you hear the one about the OpenBSD coffee maker?

      Theo de Raadt makes a perfect cup of espresso and then throws it over your shirt.

  17. Check with the Internet Engineering Task Force by JakartaDean · · Score: 5, Interesting

    Well, I hope someone is checking whether this thing is truly RFC 2324 compliant.

    http://tools.ietf.org/html/rfc2324

    --
    The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
  18. Re:What more could a hacker want? by WWWWolf · · Score: 5, Funny

    How about the coffee?

    Ah, the cleverness of the hack in question is not that they can make the coffee maker produce coffee, no. The evil hax0rs really want the coffee.

    Employee 1: "This has to be the most ridiculous work order I've ever received."
    Employee 2: "What is it?"
    E1: "At precisely 12:02, I'm supposed to take the cup from the coffee percolator and deliver it to this address a few blocks away."
    E2: "What? Are you kidding?"
    E1: "No, it's on our company letterhead. Signed by the CEO. 'Deliver this cup of coffee to our IT subcontractor. This may sound like an unusual order, but millions are at stake here.'"
    E2: "Well, I wonder what those prima donnas come up with next time?"

  19. It could actually be dangerous... by ewrong · · Score: 5, Funny

    1: Hack your competitor's coffee machine.
    2: Set it to only serve decaf.
    3: Sit back and watch their productivity go through the floor.

  20. I wonder by Etrigoth · · Score: 5, Funny

    Is this technically a Java exploit?

    *sorry*

    --
    When we remember we are all mad, the mysteries disappear and life stands explained.
  21. but of course by nimbius · · Score: 5, Funny

    just another entry in a long list of devices that, while harmless otherwise, now have the ability to injure you once integrated with Microsoft Windows.

    --
    Good people go to bed earlier.
  22. Re:First post? by Zeinfeld · · Score: 5, Informative

    I have been predicting this one for a while; I wrote in the manifesto that nobody is going to want home automation if it means having to worry if Mr Coffee has been recruited into a botnet.

    The solution I proposed there was that a coffee pot does not get a full Internet connection. Instead of the default being full access we switch to default deny. It only gets to connect to the local net at all after authentication. And it only gets access that is appropriate to its function and consistent with site policy. Obviously the typical consumer is not going to be writing security policies, so this process is going to have to be automated, which is where a small amount of Semantic Web technology comes in.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  23. Re:First post? by CastrTroy · · Score: 5, Funny

    PC LOAD COFFEE? WTF does that mean?

    Here's some extra text to get past the caps filter.

    --
    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  24. Re:First post? by funaho · · Score: 5, Funny

    A simpler solution is, when putting your coffee maker on the Internet, to make sure JavaScript is turned off.

    Yes, I made a horrible pun. :)