Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keurig 2.0 Genuine K-Cup Spoofing Vulnerability

Posted by ryuzaki0 on from the if-only-this-worked-for-ink-jet-cartridges dept.

An anonymous reader writes A security researcher has released a humorous vulnerability description for the Keurig 2.0 coffee maker, which includes DRM designed to only brew Keurig brand coffe pods (K-Cups): "Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup." The vulnerability description even includes mitigating controls, such as keeping the Keurig in a locked cabinet when not in use. Also at Hackaday.

11 of 270 comments (clear)

  1. Nesspresso! by TechyImmigrant · · Score: 5, Funny

    I demand additional ineffective security procedures for my Nespresso machine. I'm completely ineffectively unprotected.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  2. But does it report artificially low ink levels? by pla · · Score: 5, Insightful

    Why in the hell would anybody buy a coffee maker that uses DRM to prevent using "non-genuine" coffee?

  3. Re:Someone has by TWX · · Score: 5, Funny

    And here you are, posting on Slashdot...

    --
    Do not look into laser with remaining eye.
  4. K-Cups? by Anonymous Coward · · Score: 5, Funny

    I can only imagine how expensive that must be. The last pair of double-D's set me back a fortune before it was all said and done. Although, they were nice.

  5. Workaround by Ol+Olsoc · · Score: 5, Funny
    Easy to follow steps:

    1. Go to your favorite sore that carries coffee makers

    2. Purchase a drip, french press or percolator, or whatever type I missed as per your wishes.

    3. Buy some coffee at the same store. This may come as a shock to many people, but there is a large variety of typs of coffees out there. Different grinds, or grind your own - it is amazing I tell you, must be something new. Keurig is not the only company out there. I'm partial to a brand roasted in Philly, that I purchase from of all places, a diner in Rio Grande, New Jersey. But I digress.

    Brew your own fucking coffee the way we used to do it when men were men, and the sheep knew to be respectful. Enjoy it on the patio, yelling at kids to get off the lawn.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  6. This could lead to death by davidwr · · Score: 5, Funny

    A malicious attacker could substitute toxic fake coffee or hot chocolate for the real thing.

    A malicious attacker could also substitute a coffee or hot chocolate that is tainted with a chemical that creates slight etchings in the surface of the coffee cup or other cup used to hold the end product. For certain types of cups, the result will be a cup that will be more likely to harbor bacterial growth than one with a smooth surface. Assuming a successful attack, the risk of illness or fatality is low for a healthy adult but it might be significant for a person with a suppressed or compromised immune system.

    Recommended mitigation:
    Keep people who want to kill you away from your coffee maker.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Re:Holy Fuck! by schlachter · · Score: 5, Funny

    when the little needle in the Keurig device comes down and punctures the spoofed k-cup, it will surely execute an Java injection attack.

    --
    My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  8. It's a Java vunerability by schlachter · · Score: 5, Funny

    in the Java run time environment

    --
    My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  9. Re:Someone has by ganjadude · · Score: 5, Funny

    I was like getting hit in the face by a boxing glove made of mushrooms.

    Sounds like they were some pretty good mushrooms. were you also at a pink floyd concert by chance?

    --
    have you seen my sig? there are many others like it but none that are the same
  10. Someone already designed a perminant solution. by luciano.moretti · · Score: 5, Informative

    Freedom Clip: Clips onto your Keurig over the DRM sensor hole so you don't have to mess with extra foil.

    https://www.gourmet-coffee.com...

  11. Re:Someone has by Zontar+The+Mindless · · Score: 5, Insightful

    I use a French press, beans, and a grinder. Zero waste other than the grounds (and if I had a yard, I could compost them). The grinder's a hand-cranked model, so the only power used is to heat the water.

    I've been making coffee this way for years, but never thought about the fact that it's also very conservative of resources until now.

    And I despise the capsule-style makers on general principles; as for Keurig--if I won't accept DRM for my music and video, I sure am as fuck not going to accept it for my coffee.

    --
    Il n'y a pas de Planet B.