Coffee drinkers in peril after espresso overspill attack

News by Richard Thurston

A geeky risk advisory manager from global accountancy firm BDO has hacked into a leading coffee machine, causing it to pour scalding water onto unsuspecting espresso lovers

An Australian man has exploited security vulnerabilities in a leading coffee machine which could lead to an overflow of scalding water being poured into unexpecting users' coffee cups.

Craig Wright, a risk advisory services manager with accountancy giant BDO, said he could use an internet connection to meddle with the coffee machine to cause it to release too much hot water or too much coffee powder.

Writing on security mailing list BugTraq, he said he could also break the machine by tweaking its settings.

The attack is possible because two models of the machine, the Jura Impressa F90 and Jura Impressa F9, have internet connectivity.

Switzerland-based Jura manufactures glorified coffee makers that retail for over £1000.

Jura introduced internet connectivity to the machines so they can be mended remotely by engineers. It's believed to be the first espresso maker with that capability.

Wright said he thought the flaw could not be patched.

"Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on, at the level of the user," he said.

Wright added that he has now installed his machine behind a firewall.

In a statement, Jura claimed Wright was misinformed. It said: "The Internet Connectivity kit which can optionally be acquired... will at no time connect the coffee machine to the world wide web. Its settings can therefore only be changed by the machine's rightful owner. JURA systems do not allow hacker attacks."

Jura added that it would get in touch with Wright to resolve the matter.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews