Australian finds vulnerability in his coffee maker

An Australian man has discovered security holes in his internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.

The Jura F90 coffee maker

Credit: Jura.

Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the internet connection software that links his Jura F90 coffee maker to his PC.

Once connected to the internet, the high-end coffee maker, which retails for nearly US$2,000 on Amazon, lets you do things like set the strength of your coffee and get remote diagnostic help over the internet without having to send the appliance in for service.

Wright posted the information on the vulnerabilities, and the fact that there is no patch available yet, to the BugTraq security e-mail list on Tuesday.

A US-based public relations representative for the coffee maker said she would try to reach spokespeople in the Switzerland headquarters for comment.

The threat hasn't kept Wright awake at night, although the coffee does, he said in an interview with ZDNet.com.au sister site CNET News.com at 2:30 this morning, Sydney time.

"I don't know if many people would target this particular vulnerability because there probably are not a lot of coffee makers at the moment that are internet-connected, and in my case it's behind a firewall," he said.

However, internet-connected appliances are the wave of the future. There is already an internet-connected refrigerator, at least one prototype of a Web-enabled oven, and pilot tests for dryers and water heaters.

Eventually "you'll be able to turn on your oven with your mobile phone" and a malicious hacker could wind up burning the house down, Wright said.

Talkback 2 comments

    Java vulnerability? Anonymous -- 18/06/08

    You could say this is a ‘java’ vulnerability.

    And since it is an overflow, the first-responders toolkit should probably include a sponge and bucket.

    I audited that coffee maker in 2001 Anonymous -- 20/06/08

    ... found similar abuses. Doubt it has any remote code execution holes. And even if it did you'd need to attach a debugger to the beast. I suppose some evil hackers have been exploiting these 0day holes for the past 7 years? :)
