Coffee drinkers in peril after espresso overspill attack

An Australian man has exploited security vulnerabilities in a leading coffee machine which could lead to an overflow of scalding water being poured into unexpecting users' coffee cups.

Craig Wright, a risk advisory services manager with accountancy giant BDO, said he could use an internet connection to meddle with the coffee machine to cause it to release too much hot water or too much coffee powder.

Writing on security mailing list BugTraq, he said he could also break the machine by tweaking its settings.

The attack is possible because two models of the machine, the Jura Impressa F90 and Jura Impressa F9, have internet connectivity.

Switzerland-based Jura manufactures glorified coffee makers that retail for over £1000.

Jura introduced internet connectivity to the machines so they can be mended remotely by engineers. It's believed to be the first espresso maker with that capability.

Wright said he thought the flaw could not be patched.

"Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on, at the level of the user," he said.

Wright added that he has now installed his machine behind a firewall.

Jura could offer no comment at the time of writing.


See original article on scmagazineus.com