Craig Wright, a risk advisory services manager with accountancy giant BDO, said he could use an internet connection to meddle with the coffee machine to cause it to release too much hot water or too much coffee powder.
Writing on security mailing list BugTraq, he said he could also break the machine by tweaking its settings.
The attack is possible because two models of the machine, the Jura Impressa F90 and Jura Impressa F9, have internet connectivity.
Switzerland-based Jura manufactures glorified coffee makers that retail for over £1000.
Jura introduced internet connectivity to the machines so they can be mended remotely by engineers. It's believed to be the first espresso maker with that capability.
Wright said he thought the flaw could not be patched.
"Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on, at the level of the user," he said.
Wright added that he has now installed his machine behind a firewall.
Jura could offer no comment at the time of writing.
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
