No announcement yet.

No, dont hack that coffee machine!!!

  • Filter
  • Time
  • Show
Clear All
new posts

  • No, dont hack that coffee machine!!!

    German original:

    "Hackerangriff auf Kaffeemaschine mِglich

    Da hِrt der Spaك aber auf: Laut dem Bericht eines australischen Sicherheitsspezialisten weist das Internet Connection Kit des Kaffeemaschinenherstellers Jura Sicherheitslücken auf, mit denen Hacker anderen Leuten den Kaffee versauen kِnnen. So schreibt Craig Wright in einem Mailing an die Bugtraq-Mailing-Liste, dass es über das Netz mِglich sei, in der Kaffeemaschine die Einstellungen zur Zubereitung zu نndern.

    Dabei lieكe sich die Standardmenge des Kaffeepulvers und des Wassers einstellen. Wenig Pulver mit viel Wasser kنme dabei wohl für viele Kaffeetrinker sicherlich einer Denial-of-Service-Attacke gleich. Darüber hinaus sollen sich auch noch diverse andere Einstellungen manipulieren lassen, die anschlieكend den Service eines Techniker vor Ort erfordern – was die Netzwerkfنhigkeit eigentlich verhindern soll.
    Glücklicherweise ist das auch Internet Coffee System (ICS) genannte Modul noch nicht offiziell in den Lنden verfügbar. Es bildet die Brücke zwischen der seriellen Schnittstelle der Maschine und einem Ethernet-LAN. Zusنtzlich muss auf einem Windows-PC eine Software laufen, die dem ICS die Verbindung ins Internet bahnt, damit ein Service-Techniker die Maschine aus der Ferne warten kann. Allerdings weist diese Software laut Wrights Untersuchungen mehrere Lücke auf, durch die ein Angreifer in den PC eindringen kann – und damit nicht nur diese manipulieren kann, sondern auch die Kaffeemaschine. Der Hersteller soll über das Problem informiert sein."

    Yahoo! Babel Fish translation:

    "Hacker attack on coffee machine possible There the fun stops however: According to the report of an Australian safety specialist the Internet exhibits Connection kit of the coffee machine manufacturer law security holes, with which hackers other people the coffee can versauen. Thus Craig WRIGHT in a Mailing writes the Bugtraq Mailing list that it is possible over the net to change in the coffee machine the attitudes to the preparation. The standard quantity of the coffee powder and the water would let itself adjust. Little powder with much water would equal thereby probably for many coffee drunkards surely an Denial OF service attack. Beyond that also still various other attitudes are to be manipulated to be able, which require afterwards the service technicians locally - which the network ability is to actually prevent. Fortunately also the Internet Coffee system (ICS) is module mentioned not yet officially in the shops available. It forms the bridge between the serial interface of the machine and a Ethernet LAN. Additionally a software must run on a Windows PC, which clears the connection for the ICS in the Internet, so that a service technician can wait the machine from the distance. However this software exhibits gap, by which an aggressor can penetrate into the PC according to WRIGHTs investigations several - and thus not only this to manipulate can, but also the coffee machine. The manufacturer should be informed about the problem." | [email protected]

  • #2
    Or from an english article on the same:

    The Jura F90 is a coffee maker than runs at $2000, largely due to its amazing internet powers, like remotely setting your coffee's strength (strong enough to kill a horse, plz) and getting diagnostics help without sending the whole unit in for service. But the software has some serious holes like a buffer overflow vulnerability that'll let hackers take over the PC you use to connect the F90 to the net, not to mention screw up your coffee, turning it into a sludgy cup of caffeinated tar, or worse, a watery, tea-like liquid. There's no patch yet, but there better be soon. A computer getting hacked is really trivial, but shitty coffee from a $2000 machine is goddamn criminal.
    Immortius' Forge


    • #3
      Not really seeing the point of remote connections to a coffee machine unless it also brings the coffee to you after you told it what you wanted.


      • #4
        Via what protocol? F-Tea-Pee?


        • #5
          Originally posted by Machine View Post
          Via what protocol? F-Tea-Pee?
          It only uses that when operating in full duplex.
          Kept an xmas avatar for 3 year(s).


          • #6
            It used to be where you could "hack" a Coke machine in the US into maintenance mode by pushing a certain button combo. (free Cokes)


            • #7
              The babelfish is just great, no less.

              Not as a translator, of course. But as an entertainer, it is!

              Kaffetrinker = coffee drunkards!

              ...and really priceless sentences like
              "with which hackers other people the coffee can versauen."
              (This is SO good. Really made me roll on the floor...)

              The babelfish must have been to a german school in his youth. Maybe a gymnasium, even. Only there they teach a germlish of this perfection.

              Nice find, Felix.