Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keurig 2.0 Genuine K-Cup Spoofing Vulnerability

Posted by ryuzaki0 on from the if-only-this-worked-for-ink-jet-cartridges dept.

An anonymous reader writes A security researcher has released a humorous vulnerability description for the Keurig 2.0 coffee maker, which includes DRM designed to only brew Keurig brand coffe pods (K-Cups): "Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup." The vulnerability description even includes mitigating controls, such as keeping the Keurig in a locked cabinet when not in use. Also at Hackaday.

30 of 270 comments (clear)

  1. Holy Fuck! by d33tah · · Score: 4, Funny

    Holy fuck! These pirated K-Cups are going to hurt the whole industry!

    1. Re:Holy Fuck! by ThePhilips · · Score: 3, Funny

      And the poor customers gets duped into buying a counterfeit pods without even realizing it!

      That must be stopped!

      Think of the customers!!

      --
      All hope abandon ye who enter here.
    2. Re:Holy Fuck! by slashmydots · · Score: 3, Insightful

      Not as much as the cost of those RFID tags or whatever they had to add to their cups. The expense was obviously passed directly onto the customer.
      They spent money on RFID tags and charged the consumer more to ensure that the customer pays them more money by not buying off-brand stuff. Now that's how you show customer appreciation.

    3. Re:Holy Fuck! by Githaron · · Score: 4, Interesting

      Apparently, they are using a propietary ink: http://www.consumeraffairs.com... rather than RFID.

    4. Re:Holy Fuck! by nitehawk214 · · Score: 4, Insightful

      Obviously the solution is to put a tax on all normal coffee and send the money directly to Keurig.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    5. Re:Holy Fuck! by schlachter · · Score: 5, Funny

      when the little needle in the Keurig device comes down and punctures the spoofed k-cup, it will surely execute an Java injection attack.

      --
      My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  2. Nesspresso! by TechyImmigrant · · Score: 5, Funny

    I demand additional ineffective security procedures for my Nespresso machine. I'm completely ineffectively unprotected.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Apparently it's very easy to get around by Russ1642 · · Score: 3, Funny

    I know someone who keeps a genuine k-cup lid around and just sets it on top of the off-brand cup every time he uses his machine.

  4. But does it report artificially low ink levels? by pla · · Score: 5, Insightful

    Why in the hell would anybody buy a coffee maker that uses DRM to prevent using "non-genuine" coffee?

    1. Re:But does it report artificially low ink levels? by brunes69 · · Score: 3, Informative

      You are confusing K-Cups with these K-Cup 2.0 pods. K-Cups are what have a great range and are available anywhere - because they have no DRM and all patents were worked around. K-Cup 2.0 pods have a very horrible range and limited distribution. I feel sorry for anyone suckered into buying one of these newer brewers.

    2. Re:But does it report artificially low ink levels? by gstoddart · · Score: 4, Insightful

      There are many other brands of brewers that make single serving coffee and none of them force you to use any particular brand of cup.

      So, on the off beat chance you don't know this ...

      Most of those single serving cups are, in fact, the k-cup form factor. The patents for those expired several years ago, and everybody could make compatible stuff. Because, really, it's a little plastic tub with coffee in it and it isn't rocket science. You can buy them anywhere, and find lots of makers which support them.

      Now ... this is the new hotness. The K-cup 2.0, with DRM.

      So, all of those brands of brewers and cups you could buy? You still can. Nothing about those has changed. Your older Keurig machine? Nothing has changed with that either.

      But, if you end up buying a newer Keurig machine ... suddenly you get DRM, specifically because it's the razor blade business model, and Keurig has decided you must buy from them.

      --
      Lost at C:>. Found at C.
  5. Re:Someone has by TWX · · Score: 5, Funny

    And here you are, posting on Slashdot...

    --
    Do not look into laser with remaining eye.
  6. Re:Someone has by Z00L00K · · Score: 4, Insightful

    Considering the impact on the environment of pods that just ends up in the garbage there's now two reasons not to buy them.

    OK, the coffee they make isn't bad, but what's wrong with an ordinary espresso machine?

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  7. K-Cups? by Anonymous Coward · · Score: 5, Funny

    I can only imagine how expensive that must be. The last pair of double-D's set me back a fortune before it was all said and done. Although, they were nice.

  8. Re:Someone has by nitehawk214 · · Score: 3, Insightful

    But I think it is the other waste factor that people are more concerned about, trash generated per cup of coffee.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  9. Re:Someone has by gstoddart · · Score: 3, Informative

    The k cups allow only coffee that is desired to be made at the cost of extra plastic waste

    I would rather end up with liquid coffee and coffee grounds as waste products. The plastic and mylar? Not so much.

    Bonus you can get increased variations of coffee

    You know, they've had ground coffee in various flavors for literally decades, it's a solved problem. You can buy the bean whole or ground.

    different people can get the different flavors they want including hot chocolates and teas for those who don't drink coffee.

    You can't do that with just any coffee maker easily.

    Maybe, maybe not ... but they've had this remarkable invention called a kettle for most of recorded human history.

    --
    Lost at C:>. Found at C.
  10. Workaround by Ol+Olsoc · · Score: 5, Funny
    Easy to follow steps:

    1. Go to your favorite sore that carries coffee makers

    2. Purchase a drip, french press or percolator, or whatever type I missed as per your wishes.

    3. Buy some coffee at the same store. This may come as a shock to many people, but there is a large variety of typs of coffees out there. Different grinds, or grind your own - it is amazing I tell you, must be something new. Keurig is not the only company out there. I'm partial to a brand roasted in Philly, that I purchase from of all places, a diner in Rio Grande, New Jersey. But I digress.

    Brew your own fucking coffee the way we used to do it when men were men, and the sheep knew to be respectful. Enjoy it on the patio, yelling at kids to get off the lawn.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  11. Re:Someone has by Immerman · · Score: 3, Informative

    And the advantage over a "generic" coffee machine capable of brewing single cups is...?

    I'm not a big coffee drinker, I had a roommate with an espresso machine for a while - brewed at most two cups at a time. After brewing you throw away the grounds, rinse the strays out of the "cup", and you're good to go again. Like a cast iron pan, it's only used when exposed to germ-killing heat so you don't even have to wash it unless except occasionally to prevent buildup of unpleasantly flavored residues. And it takes what, 2 seconds longer? You'll spend a lot more than that paying for those expensive little pre-packaged coffee scoops.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  12. This could lead to death by davidwr · · Score: 5, Funny

    A malicious attacker could substitute toxic fake coffee or hot chocolate for the real thing.

    A malicious attacker could also substitute a coffee or hot chocolate that is tainted with a chemical that creates slight etchings in the surface of the coffee cup or other cup used to hold the end product. For certain types of cups, the result will be a cup that will be more likely to harbor bacterial growth than one with a smooth surface. Assuming a successful attack, the risk of illness or fatality is low for a healthy adult but it might be significant for a person with a suppressed or compromised immune system.

    Recommended mitigation:
    Keep people who want to kill you away from your coffee maker.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:This could lead to death by Jason+Levine · · Score: 4, Interesting

      Even worse, they might brew the coffee with (*gasp*) Dihydrogren Monoxide!!!

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  13. Re:Someone has by grub · · Score: 3

    We have refillable Keurig coffee cups and grind our own beans. Our own setup is virtually trash free other than the empty bags of beans.

    --
    Trolling is a art,
  14. Re:Someone has by 50000BTU_barbecue · · Score: 4, Interesting

    Here in Montreal some dude has a mushroom growing kit that grows on a bag filled with coffee grounds. They were the most intensely flavored mushrooms I ever tasted. I was like getting hit in the face by a boxing glove made of mushrooms.

    --
    Mostly random stuff.
  15. Let's counter-balance that free Keurig ad a little by ArcadeMan · · Score: 4, Funny

    Tassimo
    Nespresso

    --
    Get free satoshi (Bitcoin) and Dogecoins
  16. It's a Java vunerability by schlachter · · Score: 5, Funny

    in the Java run time environment

    --
    My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  17. Re:Keurig's only reason is profit. by Bob+the+Super+Hamste · · Score: 3, Informative

    That is the old razor and blades sales model perfected by King Gillette.

    --
    Time to offend someone
  18. Re:Someone has by ganjadude · · Score: 5, Funny

    I was like getting hit in the face by a boxing glove made of mushrooms.

    Sounds like they were some pretty good mushrooms. were you also at a pink floyd concert by chance?

    --
    have you seen my sig? there are many others like it but none that are the same
  19. A more elegant hack by Anonymous Coward · · Score: 4, Insightful

    The way demonstrated in the video is a pretty ugly way to fix the problem, you have to constantly put your fake lid on top of the cup you make. Towards the back left side of the piece that lowers down there's some kind of small optical sensor that looks for the keurig border that's only on keurig cups -- if you peel the label off one you can cut out a small piece of just the border and tape it directly under the sensor -- you just have to make sure it's lined up the way it expects and you'll never have to futz with an extra lid again. Some quick scissor work and a piece of scotch tape and it's been going strong for probably around 2 months now.

  20. Someone already designed a perminant solution. by luciano.moretti · · Score: 5, Informative

    Freedom Clip: Clips onto your Keurig over the DRM sensor hole so you don't have to mess with extra foil.

    https://www.gourmet-coffee.com...

  21. Re:These stupid ass one shot coffee makers by Jason+Levine · · Score: 3, Funny

    Would that be a Beowulf Keurig Cluster?

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  22. Re:Someone has by Zontar+The+Mindless · · Score: 5, Insightful

    I use a French press, beans, and a grinder. Zero waste other than the grounds (and if I had a yard, I could compost them). The grinder's a hand-cranked model, so the only power used is to heat the water.

    I've been making coffee this way for years, but never thought about the fact that it's also very conservative of resources until now.

    And I despise the capsule-style makers on general principles; as for Keurig--if I won't accept DRM for my music and video, I sure am as fuck not going to accept it for my coffee.

    --
    Il n'y a pas de Planet B.