Coffee drinkers in peril after espresso overspill attack

By

A geeky risk advisory manager from global accountancy firm BDO has hacked into a leading coffee machine, causing it to pour scalding water onto unsuspecting espresso lovers


An Australian man has exploited security vulnerabilities in a leading coffee machine which could lead to an overflow of scalding water being poured into unexpecting users' coffee cups.

Craig Wright, a risk advisory services manager with accountancy giant BDO, said he could use an internet connection to meddle with the coffee machine to cause it to release too much hot water or too much coffee powder.

Writing on security mailing list BugTraq, he said he could also break the machine by tweaking its settings.

The attack is possible because two models of the machine, the Jura Impressa F90 and Jura Impressa F9, have internet connectivity.

Switzerland-based Jura manufactures glorified coffee makers that retail for over £1000.

Jura introduced internet connectivity to the machines so they can be mended remotely by engineers. It's believed to be the first espresso maker with that capability.

Wright said he thought the flaw could not be patched.

"Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on, at the level of the user," he said.

Wright added that he has now installed his machine behind a firewall.

Jura could offer no comment at the time of writing.


See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
securityvulnerability

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?