Keurig 2.0 Genuine K-Cup Spoofing Vulnerability 270
An anonymous reader writes A security researcher has released a humorous vulnerability description for the Keurig 2.0 coffee maker, which includes DRM designed to only brew Keurig brand coffe pods (K-Cups): "Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup." The vulnerability description even includes mitigating controls, such as keeping the Keurig in a locked cabinet when not in use.
Also at Hackaday.
Holy Fuck! (Score:5, Funny)
Re:Holy Fuck! (Score:4, Funny)
And the poor customers gets duped into buying a counterfeit pods without even realizing it!
That must be stopped!
Think of the customers!!
Re:Holy Fuck! (Score:5, Insightful)
Obviously the solution is to put a tax on all normal coffee and send the money directly to Keurig.
Re:Holy Fuck! (Score:5, Funny)
when the little needle in the Keurig device comes down and punctures the spoofed k-cup, it will surely execute an Java injection attack.
Re: (Score:2)
You nailed it. Let's take this argument to Congress and see if it is absurd enough to make them think.
Re: (Score:2)
No. That will inspire them to create an amendment and make the Keurig Coffee Tax part of the Constitution.
Re: (Score:3, Insightful)
They spent money on RFID tags and charged the consumer more to ensure that the customer pays them more money by not buying off-brand stuff. Now that's how you show customer appreciation.
Re:Holy Fuck! (Score:5, Interesting)
Re: (Score:3)
Holy fuck! These pirated K-Cups are going to hurt the whole industry!
As evil as imported prescription drugs. I feel for those poor customers who buy something that's claims to be a K-Cup when in reality they're getting scammed.
</snark>
In other news, cold brew coffee [traderjoes.com] has removed any desire for me to brew my own. I only drink 1-2 cups a day, and since I've switched to cold-brew, my jittery feelings are all gone, and my productivity remains unimpaired (well, aside from /. ). At 8 cups per bottle, that's about $1/day, with no mess, 30s prep time to combine the milk, cof
Re: (Score:3, Funny)
Nesspresso! (Score:5, Funny)
I demand additional ineffective security procedures for my Nespresso machine. I'm completely ineffectively unprotected.
Re: (Score:3)
Well, then might I suggest wearing a condom, a helmet, and elbow pads the next time you make coffee?
Me, I'll go with my open source espresso machine which lets me put any coffee of my choosing in, and produce any of several different cup sizes, depending on how long I keep the water flowing.
No vendor lock-in, FTW!!
Re: (Score:2)
Re: (Score:3)
That's just an RFC. You need a real international standard.. http://www.iso.org/iso/iso_cat... [iso.org]
Re: (Score:2)
Agreed. I just stock up when I visit San Francisco.
off topic (Score:2)
Re: (Score:2)
I go here: http://www.dwell.com/post/arti... [dwell.com]
What happens inside, I'm not allowed to say.
Apparently it's very easy to get around (Score:4, Funny)
I know someone who keeps a genuine k-cup lid around and just sets it on top of the off-brand cup every time he uses his machine.
But does it report artificially low ink levels? (Score:5, Insightful)
Re: (Score:2)
Because K-Cups have a great range of coffee, and are available almost anywhere?
Re:But does it report artificially low ink levels? (Score:4, Informative)
You are confusing K-Cups with these K-Cup 2.0 pods. K-Cups are what have a great range and are available anywhere - because they have no DRM and all patents were worked around. K-Cup 2.0 pods have a very horrible range and limited distribution. I feel sorry for anyone suckered into buying one of these newer brewers.
Re: (Score:3)
I have the Vue system. This is apparently an ugly redheaded stepchild (like Windows ME, or Windows XP x64 Edition) that came between the "original" Keurig, and Keurig "2.0". It lacks any form of DRM, and there are $10 plastic adapters on eBay that allow you to brew any original K-Cup pack using the Vue. I tried it and it works fine.
The features of the machine are much better than the original Keurig: larger water tank, touchscreen with customizable temperature and water amount, it heats up and brews faster,
Re: (Score:2)
Yeah, the only thing that got me off Win2k was DRM.
The games I wanted to play had DRM that the crypto API in Win2k didn't support.
"Upgraded" to Vista. Was I ever bitten.
Re: (Score:2)
That doesn't equate to great tasting coffees, though they are better than most (if not all) of the canned stuff.
And I'm far less of a snob with coffee than with beer - I will actually drink Keurig or canned coffee but I need to add cream. For black I prefer beans roasted 5 days or less before use and burr ground, with grind type as per the style of coffee (Turkish, espresso, french press, drip). Yes, home roasted. Unlike beer, home roasting has saved me a fortune after the initial expense, too ($~130 for 20
Re: (Score:2)
So before Keurig came along, coffee was limited to only a handful of flavors and was difficult to find? And Keurig solved this problem, but no other coffee maker has, so the best solution is to buy a consumer-screwing machine?
Re: (Score:2)
Re: (Score:2)
US Airways private lounges have these things. Friends of mine have one. Honestly, if there wasn't DRM, I'd be tempted to get one for work, so that I don't have to brew a lot of coffee when I only want one cup.
Re: (Score:2)
Because the ability to make a single serving of exactly the coffee one wants and to then have someone else do the exact same thing for their particular tastes is worth something.
US Airways private lounges have these things. Friends of mine have one. Honestly, if there wasn't DRM, I'd be tempted to get one for work, so that I don't have to brew a lot of coffee when I only want one cup.
There are many other brands of brewers that make single serving coffee and none of them force you to use any particular brand of cup.
Re:But does it report artificially low ink levels? (Score:5, Insightful)
So, on the off beat chance you don't know this ...
Most of those single serving cups are, in fact, the k-cup form factor. The patents for those expired several years ago, and everybody could make compatible stuff. Because, really, it's a little plastic tub with coffee in it and it isn't rocket science. You can buy them anywhere, and find lots of makers which support them.
Now ... this is the new hotness. The K-cup 2.0, with DRM.
So, all of those brands of brewers and cups you could buy? You still can. Nothing about those has changed. Your older Keurig machine? Nothing has changed with that either.
But, if you end up buying a newer Keurig machine ... suddenly you get DRM, specifically because it's the razor blade business model, and Keurig has decided you must buy from them.
Re: (Score:3)
from your description it sounds like Keurig has always been DRM'd. their previous form was the patent, but since that expired they had to go with an electronic form.
Re: (Score:2)
Because, really, it's a little plastic tub with coffee in it and it isn't rocket science.
I'd argue that a 'k-cup' would be hard to patent due to having an obvious nature. The trick would be that the machine is patented, which is why 'everybody' could make k-cup compatible tubs, but not the machines. Well, a google search shows those patents have likely expired as well, I'm seeing lots of compatible machines.
Really, you'd just have to change the machine enough to avoid Keurig's patents. How? Depends on how the patents were written.
Re: (Score:3)
Re: (Score:3)
There needs to be a warning on the box of devices that come with anti-consumer DRM installed. Like the warnings on boxes of cigarettes. Something unmissable. It's only fair to make sure consumers aware of what they are buying and that it is unlikely to work properly.
Re: (Score:2)
Because the ability to make a single serving of exactly the coffee one wants and to then have someone else do the exact same thing for their particular tastes is worth something.
US Airways private lounges have these things. Friends of mine have one. Honestly, if there wasn't DRM, I'd be tempted to get one for work, so that I don't have to brew a lot of coffee when I only want one cup.
Go cold brew - the coffee lasts weeks in the fridge, and doesn't cause me to get jittery nearly as much. Lastly, I don't have to cold-brew myself - it's easily available in large quantities at a store (TJs) so, like UHT milk, I can buy weeks of supply at a time and even buy online.
Re: (Score:2)
My wife loves the convenience of instant coffee. I wanted to stick with a regular drip maker, but she did not like the mess involved in cleaning it up nor how long it took to make a pot. I don't like the expense and the waste of K-Cups, but the wife always wins in these sort of disagreements.
I must admit that the new Keurig makers are nicer than the old ones as they seem to have changed the pumping mechanism. That was always a weak spot with the old ones, especially if you had non-optimal water. Well wa
Re: (Score:2)
Have you complained to Keurig directly about the "genuine K-Cups" that will not function and asked for replacements? The only way to prevent this sort of crap is to raise a stink about it. Also consider returning the coffee maker and gving it a negative review on Amazon. Seriously, why are you putting up with this quietly?
Re: (Score:2)
Nobody wants DRM. The companies impose it on us to prevent unauthorized use.
I think for a coffee maker. The fact that they are trying to say which coffee you can and can't use is really stupid. Unless they show that ripoff k-cups somehow harm the system.
I know with Solid Ink Printers. You really need to use the branded ink. The cheap third party stuff has a slightly differing heating and cooling rate. Where over time they gum up the internals and you have a printer with solid ink stalagmites and stalac
Re: (Score:2)
Unless they show that ripoff k-cups somehow harm the system.
So what if it harms the f***ing system? I BOUGHT it. It's MINE. If I want to harm the system, that's my choice.
This is a "Fords will only use Ford Brand gas" thing. I wonder if they can be sued under Magnusson-Moss?
Re: (Score:2)
Re: (Score:2)
Convenience =/= Laziness
And the value of my time and comfort has nothing to do with "poor math skills."
They're incredibly convenient devices for people who, on a whim, want a cup of coffee, cappuccino, tea, coco, cider or coco, or who, after a dinner party, would like to offer that wide variety of coffee/tea choices to their guests. This is all doubly true for people who like drinking coffee only sparingly, or only like making sure they can offer coffee to their guests.
The same reason that I can't hire som
K-Cups? (Score:5, Funny)
Trying to control a market they no longer own... (Score:2)
This smacks of IBM and the PS/2. Long after they lost control of the market they created, they attempted to force their own propeitary expansion bus and other architecture on everyone. The end result is that the market took from them the few bits they liked and shoved them aside like yesterday's trash.
With so many alternatives out there, why on earth would anyone buy this idiotic machine that attempts to force you to use their cups yet fails miserably at doing do?
Good! (Score:3)
Keurig coffee, with all their DRM, just adds to our waste-plastic problem and costs about twice as much as coffee you grind at home. (http://goo.gl/NiVJ8D)
Get yourself a stainless steel cup, throw some coffee in there, and use the pilfered K-Cup tag to make it all work together.
Welcome to the... (Score:3)
Where all manner of previously easy to use appliances and household goods come with phone-home DRM for "added value".
Single most useful Slashdot article ever (Score:2)
I now forgive you in perpetuity for Bennett Haselton and Dicevertisements...
Keurig, meet IBM (Score:2)
Sounds like the HP and IBM law suits over printer cartridge lock-in.
This is *exactly* the kind of thing that the DMCA was made to prevent! Tape is a circumvention device and should be banned! (Since there was recently an article here about how the DMCA is being abused, so I'm itching for them to issue a DMCA takedown against this article so I can add it to the list of reasons to repeal the DMCA).
Workaround (Score:5, Funny)
1. Go to your favorite sore that carries coffee makers
2. Purchase a drip, french press or percolator, or whatever type I missed as per your wishes.
3. Buy some coffee at the same store. This may come as a shock to many people, but there is a large variety of typs of coffees out there. Different grinds, or grind your own - it is amazing I tell you, must be something new. Keurig is not the only company out there. I'm partial to a brand roasted in Philly, that I purchase from of all places, a diner in Rio Grande, New Jersey. But I digress.
Brew your own fucking coffee the way we used to do it when men were men, and the sheep knew to be respectful. Enjoy it on the patio, yelling at kids to get off the lawn.
Re: (Score:2)
The "way we used to do it when men were men" was to roast one serving worth of beans in a skillet, grind them with a mortar and pestle, steep the grounds in water, and then strain the coffee through muslin or cheesecloth. Also you have to heat the water over a wood-burning stove. Anything less means I get to look down on you.
This could lead to death (Score:5, Funny)
A malicious attacker could substitute toxic fake coffee or hot chocolate for the real thing.
A malicious attacker could also substitute a coffee or hot chocolate that is tainted with a chemical that creates slight etchings in the surface of the coffee cup or other cup used to hold the end product. For certain types of cups, the result will be a cup that will be more likely to harbor bacterial growth than one with a smooth surface. Assuming a successful attack, the risk of illness or fatality is low for a healthy adult but it might be significant for a person with a suppressed or compromised immune system.
Recommended mitigation:
Keep people who want to kill you away from your coffee maker.
Re:This could lead to death (Score:5, Interesting)
Even worse, they might brew the coffee with (*gasp*) Dihydrogren Monoxide!!!
These stupid ass one shot coffee makers (Score:2, Troll)
How
Fucking
Handy.
And so cool that the last people get their cup long after the first are done, or more likely if the guests have manners, the first will wait ahile their coffee gets cold.
In a world where people become lazier ever day, it's hard to imagine how such a waste of tim
Re: (Score:3)
If you have so many friends over, You're doing it wrong.
The obvious solution is to have as many Keurig coffee makers as you have visitors.
Re:These stupid ass one shot coffee makers (Score:4, Funny)
Would that be a Beowulf Keurig Cluster?
Re: (Score:2)
I'm not a Keurig fan by any stretch. I use a french press at home. But you seem to lack any sort of creative imagination. Here's the alternate story.
Ever have a group of people over who would like some coffee? Sow now instead of each person getting to brew the coffee variety of flavor or decaf level that they would like in an individual cup, you have to brew many full or partial full pots of coffee so people can be happy. Or you just say screw you to your guests and make them drink the fully caffeinated sup
And that's why you should stick with open source. (Score:2)
Let's counter-balance that free Keurig ad a little (Score:5, Funny)
Tassimo [tassimo.com]
Nespresso [nespresso.com]
1000 Years Jail Time or Aaron Swartz Yourself (Score:3)
For infringing DMCA, wire fraud, computer fraud and abuse, circumvention and dissemination of DRM, racketeering, leading to losses of [pinkie] One Billion Dollars [/pinkie] to Keurig.
Stand by for completely over-the-top reaction from the Establishment.
A more elegant hack (Score:4, Insightful)
The way demonstrated in the video is a pretty ugly way to fix the problem, you have to constantly put your fake lid on top of the cup you make. Towards the back left side of the piece that lowers down there's some kind of small optical sensor that looks for the keurig border that's only on keurig cups -- if you peel the label off one you can cut out a small piece of just the border and tape it directly under the sensor -- you just have to make sure it's lined up the way it expects and you'll never have to futz with an extra lid again. Some quick scissor work and a piece of scotch tape and it's been going strong for probably around 2 months now.
Someone already designed a perminant solution. (Score:5, Informative)
Freedom Clip: Clips onto your Keurig over the DRM sensor hole so you don't have to mess with extra foil.
https://www.gourmet-coffee.com... [gourmet-coffee.com]
Coffee percolator (Score:3)
I've had better coffee from a coffee percolator than from a K-Cup. It's simpler too, if you have one with a mesh screen you don't need filters and easily rinses out if you don't leave the coffee in it all day. Else you can scrub it out with a long handled brush when it starts smelling like old coffee. (for me the percolator coffee seems to do the best job at high altitude, start boiling at about 92C for me)
Since K-Cup's can't make espresso (not enough enough pressure), no need to compare it to a proper espresso machine. It's simply an elaborate drip coffee maker. A $30 Mr. Coffee from Costco will also make a fine drip coffee. You can use expensive unbleached compostable paper filters if you want, they're still a few percent of what each K-Cup costs.
My compost pile loves used coffee grounds.
Re:Someone has (Score:5, Funny)
It's a Java vunerability (Score:5, Funny)
in the Java run time environment
Re: (Score:2)
This could cause Arabica beans to be made available on office coffee servers throughout the enterprise!
Re: (Score:3)
They could let those Ay-rab beans in? We need comprehensive K-cup reform or the terrorist coffee farmers will win!
Re:Someone has (Score:5, Insightful)
Considering the impact on the environment of pods that just ends up in the garbage there's now two reasons not to buy them.
OK, the coffee they make isn't bad, but what's wrong with an ordinary espresso machine?
Re: (Score:3, Insightful)
Waste.
Keurigs one selling point is that only coffee that is wanted gets made(baring people who toss it after it gets cold). I can't tell you the number of pots of coffee I made that I have thrown out. Probably around 30%. The k cups allow only coffee that is desired to be made at the cost of extra plastic waste. Bonus you can get increased variations of coffee. ao different people can get the different flavors they want including hot chocolates and teas for those who don't drink coffee.
You can't do tha
Re:Someone has (Score:4, Insightful)
But I think it is the other waste factor that people are more concerned about, trash generated per cup of coffee.
Re: (Score:2)
Trash generated in the household per cup of coffee, you mean. I wonder how much waste is produced by the whole supply chain of coffee beans -> your home? It's like that electric car thing where you still need to generate power somewhere, and if you're not using clean energy, you're just moving the location of the pollution.
Okay the cups are probably greater magnitude of waste but still, unused coffee does have a higher cost than just "pour it down the drain".
Re:Someone has (Score:5, Insightful)
I use a French press, beans, and a grinder. Zero waste other than the grounds (and if I had a yard, I could compost them). The grinder's a hand-cranked model, so the only power used is to heat the water.
I've been making coffee this way for years, but never thought about the fact that it's also very conservative of resources until now.
And I despise the capsule-style makers on general principles; as for Keurig--if I won't accept DRM for my music and video, I sure am as fuck not going to accept it for my coffee.
Re: (Score:3)
However, overall efficiency is still higher for electric cars even after repeated transformations.
Totally off topic and likely wrong. Storing energy in a battery is wildly inefficient and when you couple the transmission and generation losses along the path from say Natural Gas -> Steam -> AC electricity -> DC Electricity -> battery -> motion there is a lot of energy lost. I'm not sure, but I'd not be surprised if you don't actually burn MORE Natural Gas going the EV route than a standard internal combustion engine would. All that transmission and conversion loss is going to really bur
Re:Someone has (Score:4)
Re:Someone has (Score:4, Informative)
I would rather end up with liquid coffee and coffee grounds as waste products. The plastic and mylar? Not so much.
You know, they've had ground coffee in various flavors for literally decades, it's a solved problem. You can buy the bean whole or ground.
Maybe, maybe not ... but they've had this remarkable invention called a kettle for most of recorded human history.
Re: (Score:3)
Re: (Score:2)
Too bad you can't easily use the coffee grounds when they're encased in dozens of stupid little plastic cups.
Re: (Score:3)
Get a reusable K-cup. Then you can use whatever coffee you want and dump only the grinds (or put them into a garden). Of course, you can't do this with Keurig 2.0's DRM which is why we're sticking with our "1.0" model.
Re: (Score:3, Interesting)
Re:Someone has (Score:4, Informative)
And the advantage over a "generic" coffee machine capable of brewing single cups is...?
I'm not a big coffee drinker, I had a roommate with an espresso machine for a while - brewed at most two cups at a time. After brewing you throw away the grounds, rinse the strays out of the "cup", and you're good to go again. Like a cast iron pan, it's only used when exposed to germ-killing heat so you don't even have to wash it unless except occasionally to prevent buildup of unpleasantly flavored residues. And it takes what, 2 seconds longer? You'll spend a lot more than that paying for those expensive little pre-packaged coffee scoops.
Re: (Score:2)
As another person pointed out - a coffee filter and used up coffee grounds not that detrimental to the environment - there's a high level of biodegrability there.
Plastic cups? Not so much.
This also negates the fact that from a cost perspective, regular ground coffee (even better varieties) cost significantly less than K-cups. You may be financially ahead throwing out your extra.
Re:Someone has (Score:5, Interesting)
Here in Montreal some dude has a mushroom growing kit that grows on a bag filled with coffee grounds. They were the most intensely flavored mushrooms I ever tasted. I was like getting hit in the face by a boxing glove made of mushrooms.
Re: (Score:2)
Please share the info, I'm pretty sure other people here live in (or near) Montreal.
Re:Someone has (Score:5, Funny)
I was like getting hit in the face by a boxing glove made of mushrooms.
Sounds like they were some pretty good mushrooms. were you also at a pink floyd concert by chance?
Re: (Score:2)
Re: (Score:3)
This is why I used a cafetiere for the longest time.
I made all the coffee I wanted to drink at once, and the only waste was the grounds (and yes, it seems I'm wasting them, thanks for the tips about using them as soil improvement, sibling poster.
Now I use an Aeropress.
It makes better coffee, at the cost of a small circle of filter paper as waste. The grounds are much easier to deal with because it compresses them into a puck. I may even start saving them for my herb garden....
Re: (Score:2)
My Breville Youbrew [brevilleusa.com] (I have no affiliation...) does that, too. The amount is variable from a small cup through a full pot. Strength is adjustable. No extra waste if you use the gold foil basket. Plus, it will grind fresh beans immediately before brewing. So, the only incremental costs are coffee beans, water and electricity.
And, if you just want hot water, or want to fill the basket with something other than ground beans from the hopp
Re: (Score:2)
We have a Keurig (which we won... didn't buy it) and were concerned about waste. My wife bought a reusable K-cup and buys coffee in bulk. She scoops in the appropriate amount of coffee into the reusable K-cup, brews her cup of coffee, and then dumps the grinds/washes the reusable K-cup. Every so often, she runs the reusable K-cup in the dishwasher.
Of course, Keurig 2.0 would flag her reusable K-cup as a non-allowed K-cup and wouldn't let her brew coffee. This is a big reason why we won't be buying a Keu
Re: (Score:3)
Re: (Score:3)
The poster you replied to specifically said "an ordinary espresso machine"; from your reply ("waste") I gather that you are unfamiliar with how a typical home espresso machine works. They typically make one (or some larger machines two) cups of espresso at a time, and they use steam forced through a reusable metal cup with tiny holes in it. There is no extra coffe to get cold, there is not even a filter to toss away: just take out the cup and tap it with the metal part of the handle that twists off when you
Re: (Score:2)
Re: (Score:2)
And for that convenience you sell your control over your coffee maker.
I mean, seriously. It's a hot water machine with DRM on it. If the bottled water guys get hold of this idea, they'll make a kettle that only boils when you put the cap from the bottle into a slot. See what a ludicrous idea that is?
I have an Aeropress. You put a paper filter, and coffee in it. When you're done, you're left with a puck of coffee grounds which you eject into your (compost) bin.
You then rinse it under the tap and enjoy your c
Re: (Score:3)
It really isn't that great of coffee. It's not bad, just a quick cup of mediocre coffee done quickly.
But the appeal has always been coffee in about 30 seconds, with only a button to push, and no cleanup.
Having both a keurig and a single serve espresso machine: in the mornings I'll go with the Keurig -- coffee's ready by the time i finish leashing up the dogs and getting ready to take them outside. If i want an actual cup of coffee to relax and enjoy though; the espresso machine wins 100% of the time.
Re: (Score:3)
Considering the impact on the environment of pods that just ends up in the garbage there's now two reasons not to buy them.
OK, the coffee they make isn't bad, but what's wrong with an ordinary espresso machine?
(1) A Keurig doesn't make espresso -- its pressure is nowhere high enough. (2) Cost: if you really want espresso worth making at home, you're going to pay a LOT more than it costs for a Keurig. (Well, in the short-term anyway; if you keep buying the K-cups, maybe not.)
Anyhow, I would never have bought one of these things myself, but I was given one by a family member something like 6 or 7 years ago. She had used it, but had some trouble with hard water clogging things up, and eventually she got Keurig
Re: (Score:2)
I use the Keurig for when I have m
Re: (Score:2)
Wrong. I have these [walmart.com]
I usually use these with my Keurig. Ocasionally I use standard K-Cups. No need to remove/reinsert the insert.
Re: (Score:2)
Re:Keurig's only reason is profit. (Score:4, Informative)
Re: (Score:3)
If you can make an inkjet use the Keurig modules for ink, we could save a ton of money...
Re: (Score:3)
Re: (Score:2)
Lawyers don't laugh - it throws them off their count while going through their piles of money.
Re: (Score:2)
I seriously doubt they're putting a 10-cent-or-more RFID chip in each cup. Particularly given that they're apparently also using a CCD to read the label.
Re: (Score:2)
RFID or bar code the same thing applies.