Tuesday, July 1, 2008

Coffee Machine is hackable, Amazing things in amazing world...

My classmate finds vulnerability in his coffee maker.

Craig Wright, my classmate and a risk advisory services manager at professional services firm BDO, has discovered security holes in his internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.

He found several security holes, including a buffer overflow in the internet connection software that links his Jura F90 coffee maker to his PC.

Once connected to the internet, the high-end coffee maker, which retails for nearly US$2,000 on Amazon, lets you do things like set the strength of your coffee and get remote diagnostic help over the internet without having to send the appliance in for service.

Wright posted the information on the vulnerabilities, and the fact that there is no patch available yet, to the BugTraq security e-mail list on Tuesday.

"I don't know if many people would target this particular vulnerability because there probably are not a lot of coffee makers at the moment that are internet-connected, and in my case it's behind a firewall," he said.

However, internet-connected appliances are the wave of the future. There is already an internet-connected refrigerator, at least one prototype of a Web-enabled oven, and pilot tests for dryers and water heaters.

Eventually "you'll be able to turn on your oven with your mobile phone" and a malicious hacker could wind up burning the house down, Wright said.

Further article can be read from here.

No comments: