Wednesday, June 18, 2008

Coffee break-ing news

While the Internet has made journalism a lot easier--thanks to e-mail, information repositories and endless streams of PDF formatted research reports--it's also made writing about something unique more difficult. Take, for example, my desire to write a new blog posting today on something I found on the BugTraq mailing list. When Craig Wright, manager for risk advisory services at BDO Kendalls Pty. Ltd., sent out a message to the ubiquitous BugTraq yesterday, stating that he could hack his coffee maker, I was naturally intrigued.
The run-down is as follows: The Jura Impressa F90 is a super high-end coffee machine that offers an optional Internet connection kit. Wright, naturally, threw some attacks at the thing and discovered that it ran Windows XP. He also discovered that he could take over the OS with remote attacks. What can you do with a hacked coffee machine? Well, you can make it spit out more water than the cup will hold, making a black puddle nearby. Or, you can spin the dials on all the coffee maker settings so that it essentially crashes when trying to make a cup of joe.
Oh, and there's no way to patch the thing to prevent these vulnerabilities.
Naturally, this is the sort of exciting story we here at Systems Management News would love to report on, just for giggles. It would even be worth getting ahold of Mr. Wright for an interview.
Unfortunately, because this is the Internet, the story has already been posted on Slashdot, Digg, Boingboing, and a host of other sites around the Web. Therefore, I felt that it would be relatively pointless for me to even mention the thing here.
Of course, I just did. It's hard not to get all reportery, when people go plugging their kitchen appliances into the Internet. Up until now, the only Internet-connected appliances I've ever seen were a refrigerator at Microsoft's headquarters (A strange and out-of-place steel affair sitting in a visitor center, alone in the waiting area), and the NetBSD project's seminal toaster. Anyone who's been to a conference where NetBSD had a booth has seen this thing: It's a red multi-slice toaster with an LED screen pasted onto the side. The fact that this contraption actually ran NetBSD really made no difference to the toaster: it still toasted in the normal fashion. But the fundamental point of that kitchen appliance was to prove that NetBSD can, in fact, run on just about anything.
So, now that we've cleared all this up, I'm off to make some good old-fashioned tea by putting water inside of a metal pot and placing it on top of an open flame. And while I may still have to worry about finding original stories to report in this competitive news industry, at least I won't have to worry about someone hitting up my beverage with a buffer overflow.

-- Alex Handy

No comments: