
Hacking Coffee Makers.



Hi All,
I have a Jura F90 Coffee maker with the Jura Internet Connection Kit. The idea 
is to:

"Enable the Jura Impressa F90 to communicate with the Internet, via a PC.
Download parameters to configure your espresso machine to your own personal 
taste.
If there's a problem, the engineers can run diagnostic tests and advise on the 
solution without your machine ever leaving the kitchen."

Guess what - it can not be patched as far as I can tell ;) It also has a few 
software vulnerabilities.

Fun things you can do with a Jura coffee maker:
1. Change the preset coffee settings (make weak or strong coffee)
2. Change the amount of water per cup (say 300ml for a short black) and make a 
puddle
3. Break it by engineering settings that are not compatible (and making it 
require a service)

The connectivity kit uses the connectivity of the PC it is running on to 
connect the coffee machine to the internet. This allows a remote coffee machine 
"engineer" to diagnose any problems and to remotely do a preliminary service.

Best yet, the software allows a remote attacker to gain access to the Windows 
XP system it is running on at the level of the user.

Compromise by Coffee.

Regards,
Craig Wright GSE-Compliance

Craig Wright
Manager, Risk Advisory Services

Direct : +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914

BDO Kendalls (NSW-VIC) Pty. Ltd.
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/
