Internet hacking through domotica to become a reality?
Message on security focus:
I have a Jura F90 Coffee maker with the Jura Internet Connection Kit. The idea is to:
"Enable the Jura Impressa F90 to communicate with the Internet, via a PC.
Download parameters to configure your espresso machine to your own personal taste.
If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen."
Guess what - it can not be patched as far as I can tell ;) It also has a few software vulnerabilities.
Fun things you can do with a Jura coffee maker:
1. Change the preset coffee settings (make weak or strong coffee)
2. Change the amount of water per cup (say 300ml for a short black) and make a puddle
3. Break it by engineering settings that are not compatible (and making it require a service)
The connectivity kit uses the connectivity of the PC it is running on to connect the coffee machine to the internet. This allows a remote coffee machine "engineer" to diagnose any problems and to remotely do a preliminary service.
Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.
Compromise by Coffee.
Craig Wright GSE-Compliance