I have a Jura F90 coffee maker with the Jura Internet Connection Kit. The idea is to:
“Enable the Jura Impressa F90 to communicate with the Internet, via a PC.
Download parameters to configure your espresso machine to your own personal taste.
If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen.”
Guess what – it cannot be patched as far as I can tell ;) It also has a few software vulnerabilities.
Fun things you can do with a Jura coffee maker:
- Change the preset coffee settings (make weak or strong coffee)
- Change the amount of water per cup (say 300ml for a short black) and make a puddle
- Break it by engineering settings that are not compatible (and making it require a service)
As a bad pun, the third attack could be called a Java denial of service...
The connectivity kit uses the connectivity of the PC it is running on to connect the coffee machine to the internet. This allows a remote coffee machine “engineer” to diagnose any problems and to remotely do a preliminary service.
Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.
Compromise by Coffee…