All Your Coffee Are Belong To Us

Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?"

Not a constantly-connected device

[aaronbeekay]

As far as I can tell, the coffeemaker *doesn't* run Windows-- the exploit is in the "connection kit", which is software that runs on a PC, which plugs into the coffeemaker, which lets coffee-people fix your coffeemaker from afar.

So this wouldn't have much in the way of applicability unless you knew someone with this particular $2000 coffeemaker, which was already experiencing problems, who had purchased the $100+ coffeemaker diagnostic kit and had the coffeemaker plugged in, through the diagnostic kit, to their PC at the time.

Seems like there are better ways to get into Windows.

Re:Setting the scene

[jd]

This [wikipedia.org] is what happens when coffee pots go on the Internet, albeit in a different way. A similar effect was probably intended, though.

Re:Not a constantly-connected device

[Al_Lapalme]

I'd mod you up if I had the points - I was just about to post the same thing. I took me a few re-reads to understand what the message actually said.

The author seems to go through alot of trouble to refer to everything as 'it' (ie - the coffee maker and the connectivity kit).

AFAIK - the coffee machine itself doesn't run windows, and other than changing the settings on it to whatever you want, you couldn't really do anything else useful with the coffee machine itself.

You could of course gain access to the Windows XP computer that the coffee machine is plugged into, if you're lucky enough to know an owner, his IP and that he has the software running!

A few things that aren't mentioned and I'm too lazy to look up - is whether the connectivity kit runs at startup (in the background as an app or service) or not; and if the backdoor to XP depends on the coffee maker being connected or not.

Re:Bah!

[SMS_Design]

I believe they're referring to a Moka pot [wikipedia.org], actually.

Re:Bah!

[LizardKing]

You're not supposed to keep them clinically clean. As any Italian will tell you, only wash a cafitiere [wikipedia.org] with warm water - no washing up liquid or other kind of detergent. Not only will this increase the life of the rubber sealing ring, it improves the taste over time as the jug becomes coated with a coffee residue (even the Wikipedia article mentions this). As for burning the coffee, what are you using to heat the thing, a flamethrower? As the water reservoir heats, steam is passed through the ground coffee, meaning it can't burn unless you're heating the sides of the cafetiere.

Re:Bah!

[1karmik1]

I'm italian, Coffee for us is either Moka or Espresso. At home, the best of the best is always moka. Even buying bar-grade espresso machines (the 3000$+ ones) isn't the same because with those machines (that makes an OUTSTANDING coffee) you had to make several hundreds coffee/day to remove the taste of brandnewness from them. A Moka can get to working order with few tens of runs. Every household in italy has a Moka. It's cheap and it makes a great coffee. (I wouldn't call Espresso tho, Espresso is even less water/even more coffee. Moka is something in between Espresso and $EVERYOTHERPARTOFTHEWORLD-coffee but more on the Espresso side (it's still a lot lot lot less water than any other coffee.). If you happen to stop by italy buy a Bialetti one, you won't regret it (we're talking 20$ here, nothing anyone could go bankrupt with.). Even more useful if you got a coffee grinder or a shop that sells moka-grinded coffee, since the grains are a little different from american-coffee ones (not sure which one is bigger. Moka ones are definitely bigger than espresso, which are the smallest.)

Re:Bah!

[AgentPaper]

I'd have to respectfully disagree with that one. On a cheap aluminum moka pot, you might run into flavor issues from too-frequent scrubbing (aluminum + acid = yuk). If your pot is stainless, though (and these days, any decent pot will be), leaving that caked-on stuff in there will degrade the flavor of any coffee you make in it, as the coffee oils do tend to go rancid rather quickly post-brewing. The effect rapidly worsens if you use lower-grade coffee.

Then again, given my background and profession, I'd be heavily biased toward "clinically clean" even if it did throw the flavor off. ;-)

Re:First post?

[Zeinfeld]

I have been predicting this one for a while, I wrote in the manifesto that nobody is going to want home automation if it means having to worry if Mr Coffee has been recruited into a botnet.

The solution I proposed there was that a coffee pot does not get a full Internet connection. Instead of the default being full access we switch to default deny. It only gets to connect to the local net at all after authentication. And it only gets access that is appropriate to its function and consistent with site policy. Obviously the typical consumer is not going to be writing security policies so this process is going to have to be automated which is where a small amount of Semantic Web technology comes in.

Re:Bah!

[Hatta]

French presses are indeed the most delicious way to drink coffee. Unfortunately, unfiltered coffee has high levels of cafestol [wikipedia.org] which has been shown to raise cholesterol levels in drinkers of boiled coffee. Paper filters remove most of the cafestol, making the coffee a lot safer. Personally, I'm looking to pick up an Aeropress [aerobie.com] for just this reason.

Re:Bah!

[Hatta]

You're doing it wrong. Pour boiling water directly into your french press. Cover and steep for 3 minutes. Press and pour into an insulated carafe. It comes out at the perfect temperature, any hotter and you'd scald yourself.

Reminds me of a novel

[thegameiam]

This reminds me of Niven & Pournelle's Mote in God's Eye, where the moties did actually use a coffee maker as a means of infiltration...

Re:Bah!

[Binkleyz]

Actually, the proper temp for optimum extraction is not 212.. It should be between 195-205 (91-96C)

Water at 212 (100C) extracts too many of the bitter compounds that are present in the beans, which actually detracts from the flavor.

See:

http://www.boyds.com/coffee/brewingguide.html [boyds.com]
http://www.coffeeresearch.org/coffee/brewing.htm [coffeeresearch.org]

In practice, that means taking the pot off the boil, waiting maybe 10 seconds, THEN pouring the water over the coffee grounds.

Many home coffeemakers (Technivorm [sweetmarias.com] excluded) don't come close to this mark, which is why French press coffee usually tastes better..

Re:Hey Editors, Proofreed, PLEASE

[zurtle]

May I please say: *woosh*? Clicketh for more information [wikipedia.org]

I'm profoundly shocked that a /. user doesn't know this!!