EUVD-2008-7133

Malware in sbrugna...

CVE-2020-15501

Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

Authentication flaw

Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-15501

The CVE-2020-15501 entry applies to the Smarter Coffee Maker before the 2nd generation. The vulnerability allows firmware replacement without authentication or authorization; user interaction is required (pressing a button). The issue affects products that are no longer supported by the maintaine...

CVE-2020-15501

Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

Hacking a Coffee Maker

As expected, IoT devices are filled with vulnerabilities: As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite ...

Mr. Coffee with WeMo: Double Roast

ARCHIVED STORY Mr. Coffee with WeMo: Double Roast By Sam Quinn · May 30, 2019 McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to...

Your Smart Coffee Maker is Brewing Up Trouble

ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · Febraury 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...

Your Smart Coffee Maker is Brewing Up Trouble

ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · Febraury 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...

‘Hacking’ the Nespresso Prodigio and Jura E8 coffee machines

You’ll probably know by now that I have a particular interest in the security of IoT coffee machines and tea kettles. Sometimes security is so poor that we have to laugh. Such simple security issues. Now, when I’m feeling lazy and possibly a bit hung over, I really can’t be bothered to make coffe...

Keurig 2.0 Authentication Bypass

Overview Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup. Impact CVSS Base Score: 4.9 Impact Subscore: 6.9 Exploitabilit...

CVE-2008-7174

The CVE-2008-7174 entry concerns multiple buffer overflows in the Jura Internet Connection Kit used with the Jura Impressa F90 coffee maker. The flaw is triggered by improper use of gets and sprintf, enabling remote attackers to cause a denial of service and potentially execute arbitrary code via...

CVE-2008-7173

CVE-2008-7173 affects the Jura Internet Connection Kit used with the Jura Impressa F90 coffee maker. The issue is an access-control flaw that does not properly restrict privileged functions, enabling remote attackers to cause a denial of service (physical damage), modify coffee settings, and pote...