• On TV.com: FAMILY GUY Special Finds New Sponsor
June 17, 2008 12:04 PM PDT

Internet-connected coffee maker has security holes

by Elinor Mills

An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.

Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the Internet Connection software that links his Jura F90 coffee maker to his PC.

This $2,000 Jura F90 coffee maker can be connected to the Internet for remote control of the settings. But it also can open up your PC to remote attacks, a security expert says.

(Credit: Jura)
Once connected to the Internet, the high-end coffee maker, which retails for nearly US$2,000 on Amazon, lets you do things like set the strength of your coffee and get remote diagnostic help over the Internet without having to send the appliance in for service.

Wright posted the information on the vulnerabilities, and the fact that there is no patch available yet, to the BugTraq security e-mail list on Tuesday.

A U.S.-based public relations representative for the coffee maker said she would try to reach spokespeople in the Switzerland headquarters for comment.

The threat hasn't kept Wright awake at night, although the coffee does, he said in an interview with CNET News.com at 2:30 Wednesday morning Sydney time.

"I don't know if many people would target this particular vulnerability because there probably are not a lot of coffee makers at the moment that are Internet-connected, and in my case it's behind a firewall," he said.

However, Internet-connected appliances are the wave of the future. There is already an Internet-connected refrigerator, at least one prototype of a Web-enabled oven, and pilot tests for dryers and water heaters.

Eventually "you'll be able to turn on your oven with your mobile phone" and a malicious hacker could wind up burning the house down, Wright said.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security

Tags:

security,

coffee,

appliances

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Congress may require ISPs to block fraud sites
CNET's Quick Guide to Netbooks
Critical Windows 7 holes fixed in record Patch Tuesday
Time Warner testing fix to hole in home router
Barracuda snags Purewire in Web security play
Apple plugs holes for domain spoofing, other attacks
Barn raisings weatherize homes to cut energy bills
Wake to a hot cup of coffee
Add a Comment (Log in or register) (12 Comments)
  • prev
  • 1
  • next
by The_Decider June 17, 2008 12:18 PM PDT
This is why connecting everything to the internet is a terrible idea. The tiny amount of convenience these devices provide do not come close to outweighing the security risks.
Reply to this comment
by Craig-Wright June 17, 2008 12:43 PM PDT
Forget the local host being compromised.

In this case it could result in a Java denial of services... (I know bad pun)

Craig
Reply to this comment
by n3td3v June 17, 2008 1:22 PM PDT
"This is why connecting everything to the internet is a terrible idea."

Yeah but the intelligence services love it, they embrace it. The amount of information being collected over the internet by them has reached an all time high, the intelligence services are in their zone with the information collecting capability that's going on.

If the government didn't like everything connected to the internet, there would have been a clamp down long ago, infact the government love the internet and hope everything can be internet connected soon.

GCHQ and NSA will need to build bigger data warehouses to store everything, but thats not a draw back for them its an investment when you start to see the amount of searchable data being collected about everyone and stored on the intelligence services databases that top spies can access from anywhere in the world just like consumers can with Google search, accept the intelligence services searches don't come up with the next train to catch, they come up with the next terrorist to catch instead.

All the best,

n3td3v
Reply to this comment
by Tui Pohutukawa June 17, 2008 2:14 PM PDT
A coffee maker with an internet connection..? Is it 1 April already?
Reply to this comment
by Seaspray0 June 18, 2008 7:03 AM PDT
Nice, Craig-Wright. <applause>. It's truely a "Java" application with a security holes. Maybe it needs a better internet "filter". But what should we expect the way they "grind" out code these days. <you can kill me now>
Reply to this comment
by gary85739 June 18, 2008 10:38 AM PDT
Well, this is the last straw! Mac here I come!
Reply to this comment
by benjamin straight June 18, 2008 2:21 PM PDT
A coffee maker connected to the internet?
Reply to this comment
by shevaberg June 18, 2008 6:37 PM PDT
"by gary85739 June 18, 2008 10:38 AM PDT Well, this is the last straw! Mac here I come! "

ppfffftt... mac filter would cost twice as much as the pc filter for the coffee maker :P
Reply to this comment
by ferretboy88 June 18, 2008 7:01 PM PDT
People need to get a life and cut the crap with all the cracking. Start shooting anyone who hacks and it will stop.
Reply to this comment
by The_Decider June 18, 2008 8:26 PM PDT
Yeah, the death penalty sure stopped the problem of murder.
by Chiatzu June 19, 2008 12:22 AM PDT
Sure, have another cup. You own a machine now and think you're safe, because there so few people connected to the Internet with their coffee/expresso machines. But wait until the market share of coffee makers connected to the Internet is worth the hackers time to write exploits and make them l33t. Rather than enjoy your cup of coffee, you will fear it.
Reply to this comment
by thecynicalpessimist July 13, 2008 9:21 AM PDT
Wait. $2,000 for a coffee maker!?!?!?! When I drink a cup of coffee from that machine, I should get a twenty minute orgasm, otherwise I can get a coffee pot at Wal-Mart for way less and I'll bet 99.999% of the people on this earth couldn't tell the difference
Reply to this comment
(12 Comments)
  • prev
  • 1
  • next
advertisement

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET