All Your Coffee Are Belong To Us
Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?"
Not a constantly-connected device (Score:5, Informative)
So this wouldn't have much in the way of applicability unless you knew someone with this particular $2000 coffeemaker, which was already experiencing problems, who had purchased the $100+ coffeemaker diagnostic kit and had the coffeemaker plugged in, through the diagnostic kit, to their PC at the time.
Seems like there are better ways to get into Windows.
Re:Setting the scene (Score:5, Informative)
Re:Not a constantly-connected device (Score:3, Informative)
The author seems to go through a lot of trouble to refer to everything as 'it' (i.e. - the coffee maker and the connectivity kit).
AFAIK - the coffee machine itself doesn't run Windows, and other than changing the settings on it to whatever you want, you couldn't really do anything else useful with the coffee machine itself.
You could of course gain access to the Windows XP computer that the coffee machine is plugged into, if you're lucky enough to know an owner, his IP and that he has the software running!
A few things that aren't mentioned and I'm too lazy to look up - is whether the connectivity kit runs at startup (in the background as an app or service) or not; and if the backdoor to XP depends on the coffee maker being connected or not.
Re:Bah! (Score:5, Informative)
Re:Bah! (Score:5, Informative)
You're not supposed to keep them clinically clean. As any Italian will tell you, only wash a cafetiere [wikipedia.org] with warm water - no washing up liquid or other kind of detergent. Not only will this increase the life of the rubber sealing ring, it improves the taste over time as the jug becomes coated with a coffee residue (even the Wikipedia article mentions this). As for burning the coffee, what are you using to heat the thing, a flamethrower? As the water reservoir heats, steam is passed through the ground coffee, meaning it can't burn unless you're heating the sides of the cafetiere.
Re:Bah! (Score:5, Informative)
Re:Bah! (Score:4, Informative)
Then again, given my background and profession, I'd be heavily biased toward "clinically clean" even if it did throw the flavor off.
Re:First post? (Score:5, Informative)
The solution I proposed there was that a coffee pot does not get a full Internet connection. Instead of the default being full access we switch to default deny. It only gets to connect to the local net at all after authentication. And it only gets access that is appropriate to its function and consistent with site policy. Obviously the typical consumer is not going to be writing security policies so this process is going to have to be automated which is where a small amount of Semantic Web technology comes in.
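The default-deny admission described in the comment above, as an added example that is not part of the original thread. The Gateway class, the Flow tuple, the HMAC challenge-response used for authentication, and all keys, device names and addresses are assumptions constructed for illustration; the device's list of requested flows stands in for the machine-readable description the comment wants automated.

```python
import hashlib
import hmac
from collections import namedtuple
from ipaddress import ip_address, ip_network

# One flow a device asks for: protocol, destination network (CIDR), port.
Flow = namedtuple("Flow", "proto dst port")

class Gateway:
    """Default-deny gateway: a device has no rules until it authenticates."""
    def __init__(self, enrolled_keys, site_policy):
        self.keys = enrolled_keys      # device_id -> shared secret (bytes)
        self.site_policy = {c: [ip_network(n) for n in nets]
                            for c, nets in site_policy.items()}
        self.rules = {}                # device_id -> granted flows

    def admit(self, device_id, dev_class, nonce, tag, requested):
        """Authenticate, then grant only requested flows the site policy covers."""
        key = self.keys.get(device_id)
        expected = hmac.new(key or b"", nonce, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(expected, tag):
            return []                  # unauthenticated: stays at deny-all
        permitted = self.site_policy.get(dev_class, [])
        granted = [f for f in requested
                   if any(ip_network(f.dst).subnet_of(p) for p in permitted)]
        self.rules[device_id] = granted
        return granted

    def permits(self, device_id, proto, dst_ip, port):
        """Per-connection decision; anything not explicitly granted is denied."""
        addr = ip_address(dst_ip)
        return any(f.proto == proto and f.port == port
                   and addr in ip_network(f.dst)
                   for f in self.rules.get(device_id, []))

# Constructed sample data: one enrolled appliance on a private /24.
KEY = b"constructed-demo-key"
GW = Gateway({"coffee-1": KEY}, {"appliance": ["192.168.1.0/24"]})
REQUESTED = [Flow("tcp", "192.168.1.10/32", 8443),   # local control application
             Flow("tcp", "0.0.0.0/0", 443)]          # full Internet access

def demo():
    """Returns (allowed before auth, granted flows, local after, Internet after)."""
    nonce = b"constructed-nonce"       # a real gateway would issue a fresh one
    tag = hmac.new(KEY, nonce, hashlib.sha256).digest()
    before = GW.permits("coffee-1", "tcp", "192.168.1.10", 8443)
    granted = GW.admit("coffee-1", "appliance", nonce, tag, REQUESTED)
    return (before, granted, GW.permits("coffee-1", "tcp", "192.168.1.10", 8443),
            GW.permits("coffee-1", "tcp", "203.0.113.5", 443))
```

The request for `0.0.0.0/0` is dropped at admission because it is not contained in any network the site allows for that device class, so the device never holds a rule broader than its function needs.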
Re:Bah! (Score:4, Informative)
Re:Bah! (Score:4, Informative)
Reminds me of a novel (Score:3, Informative)
Re:Bah! (Score:3, Informative)
Water at 212 (100C) extracts too many of the bitter compounds that are present in the beans, which actually detracts from the flavor.
See:
http://www.boyds.com/coffee/brewingguide.html [boyds.com]
http://www.coffeeresearch.org/coffee/brewing.htm [coffeeresearch.org]
In practice, that means taking the pot off the boil, waiting maybe 10 seconds, THEN pouring the water over the coffee grounds.
Many home coffeemakers (Technivorm [sweetmarias.com] excluded) don't come close to this mark, which is why French press coffee usually tastes better.
Re:Hey Editors, Proofreed, PLEASE (Score:2, Informative)
I'm profoundly shocked that a