[ISN] Internet-connected coffee maker has security holes

From: InfoSec News (alerts@private)
Date: Wed Jun 18 2008 - 03:35:17 PDT


http://news.cnet.com/8301-10784_3-9970757-7.html

By Elinor Mills
News Blog
June 17, 2008

An Australian man has discovered security vulnerabilities in his 
Internet-connected coffee maker that could allow a remote attacker to 
not only take over his Windows XP-based PC but also make his coffee too 
weak.

Craig Wright, a risk advisory services manager at professional services 
firm BDO, found several security holes, including a buffer overflow in 
the Internet Connection software that links his Jura F90 coffee maker to 
his PC.

Once connected to the Internet, the high-end coffee maker, which retails 
for nearly US$2,000 on Amazon, lets you do things like set the strength 
of your coffee and get remote diagnostic help over the Internet without 
having to send the appliance in for service.

Wright posted the information on the vulnerabilities, and the fact that 
there is no patch available yet, to the BugTraq security e-mail list on 
Tuesday.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Wed Jun 18 2008 - 03:45:27 PDT