Reporter Kenneth Buckler
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity
of coffee pods, known as K-Cups, uses weak verification methods, which are
subject to a spoofing attack through re-use of a previously verified K-Cup.
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
Keurig 2.0 Coffee Maker
Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups.
However, a flaw in the verification method allows an attacker to use
unauthorized K-Cups. The Keurig 2.0 does verify that the K-Cup foil lid
used for verification is not re-used.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee
or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from
the Keurig and uses a knife or scissors to carefully remove the full foil
lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps
this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the
lid. Attacker should receive an "oops" error message stating that the K-Cup
is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the
Keurig, and carefully places the previously saved genuine K-Cup lid on top
of the non-genuine K-Cup, lining up the puncture hole to keep the lid in
Step 5: Attacker closes the Keurig, and is able to brew coffee using the
Since no fix is currently available, owners of Keurig 2.0 systems may wish
to take additional steps to secure the device, such as keeping the device
in a locked cabinet, or using a cable lock to prevent the device from being
plugged in when not being used by an authorized user.
Please note that a proof of concept is already available online.
Proof of concept at http://www.keurighack.com/
Vulnerability Writeup by Ken Buckler, Caffeine Security