Nytro

Keurig 2.0 Genuine K-Cup Spoofing Vulnerability

From: Kenneth Buckler <kenneth.buckler () gmail com>

Date: Tue, 9 Dec 2014 13:04:20 -0500

*Overview*

Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.

*Impact*

CVSS Base Score: 4.9

Impact Subscore: 6.9

Exploitability Subscore: 3.9

Access Vector: Local

Access Complexity: Low

Authentication: None

Confidentiality Impact: None

Integrity Impact: Complete

Availability Impact: None

*Vulnerable Versions*

Keurig 2.0 Coffee Maker

*Technical Details*

Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does verify that the K-Cup foil lid used for verification is not re-used.

Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.

Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.

Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.

Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.

Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.

Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.

Please note that a proof of concept is already available online.

*Credit:*

Proof of concept at KeurigHack.com

Vulnerability Writeup by Ken Buckler, Caffeine Security

Source: Full Disclosure: Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
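The metric names in the advisory's Impact section (Access Vector, Access Complexity, Authentication) are those of CVSS v2, so the three stated scores can be recomputed from the listed metric values. The following is an added example, not part of the original post or the advisory: it parses the Impact lines as quoted above and applies the CVSS v2 base equations with the standard v2 weights; the function names are this example's own.

```python
import re

# CVSS v2 metric weights, as defined in the CVSS v2 specification.
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
WEIGHTS = {
    "Access Vector": {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0},
    "Access Complexity": {"High": 0.35, "Medium": 0.61, "Low": 0.71},
    "Authentication": {"Multiple": 0.45, "Single": 0.56, "None": 0.704},
    "Confidentiality Impact": CIA,
    "Integrity Impact": CIA,
    "Availability Impact": CIA,
}

# The advisory's Impact section, copied from the post above.
ADVISORY_IMPACT = """\
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
"""

def parse_fields(text):
    """Split 'Name: value' lines into a dict."""
    return dict(re.findall(r"^\s*([^:\n]+):\s*(.+?)\s*$", text, re.M))

def cvss2_scores(fields):
    """Apply the CVSS v2 base equations; raises KeyError on an unknown metric value."""
    w = {name: table[fields[name]] for name, table in WEIGHTS.items()}
    impact = 10.41 * (1 - (1 - w["Confidentiality Impact"])
                      * (1 - w["Integrity Impact"]) * (1 - w["Availability Impact"]))
    exploitability = 20 * w["Access Vector"] * w["Access Complexity"] * w["Authentication"]
    f_impact = 0.0 if impact == 0 else 1.176
    base = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return {"CVSS Base Score": round(base, 1),
            "Impact Subscore": round(impact, 1),
            "Exploitability Subscore": round(exploitability, 1)}

def mismatches(text):
    """Return {score name: (stated, computed)} for every score that disagrees."""
    fields = parse_fields(text)
    return {k: (float(fields[k]), v)
            for k, v in cvss2_scores(fields).items() if float(fields[k]) != v}

if __name__ == "__main__":
    print(cvss2_scores(parse_fields(ADVISORY_IMPACT)))
    print("mismatches:", mismatches(ADVISORY_IMPACT))
```

An empty result from `mismatches` means the stated scores are consistent with the listed metric values.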
