Hacking Coffee Makers.
Hi All,
I have a Jura F90 Coffee maker with the Jura Internet Connection Kit. The idea
is to:
"Enable the Jura Impressa F90 to communicate with the Internet, via a PC.
Download parameters to configure your espresso machine to your own personal
taste.
If there's a problem, the engineers can run diagnostic tests and advise on the
solution without your machine ever leaving the kitchen."
Guess what - it can not be patched as far as I can tell ;) It also has a few
software vulnerabilities.
Fun things you can do with a Jura coffee maker:
1. Change the preset coffee settings (make weak or strong coffee)
2. Change the amount of water per cup (say 300ml for a short black) and make a
puddle
3. Break it by engineering settings that are not compatible (and making it
require a service)
The connectivity kit uses the connectivity of the PC it is running on to
connect the coffee machine to the internet. This allows a remote coffee machine
"engineer" to diagnose any problems and to remotely do a preliminary service.
Best yet, the software allows a remote attacker to gain access to the Windows
XP system it is running on at the level of the user.
Compromise by Coffee.
Regards,
Craig Wright GSE-Compliance
Craig Wright
Manager, Risk Advisory Services
Direct : +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914
BDO Kendalls (NSW-VIC) Pty. Ltd.
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/
The information in this email and any attachments is confidential. If you are
not the named addressee you must not read, print, copy, distribute, or use in
any way this transmission or any information it contains. If you have received
this message in error, please notify the sender by return email, destroy all
copies and delete it from your system.
Any views expressed in this message are those of the individual sender and not
necessarily endorsed by BDO Kendalls. You may not rely on this message as
advice unless subsequently confirmed by fax or letter signed by a Partner or
Director of BDO Kendalls. It is your responsibility to scan this communication
and any files attached for computer viruses and other defects. BDO Kendalls
does not accept liability for any loss or damage however caused which may
result from this communication or any files attached. A full version of the BDO
Kendalls disclaimer, and our Privacy statement, can be found on the BDO
Kendalls website at http://www.bdo.com.au/ or by emailing
mailto:administrator@xxxxxxxxxxx
BDO Kendalls is a national association of separate partnerships and entities.
Liability limited by a scheme approved under Professional Standards Legislation.