WiFi Hacking Mr. Coffee

You wake up on a Sunday, roll out of bed, and make your way to the centerpiece of your morning, the magical device that helps you start your day: the coffee machine. You open the companion app, because everything has an app in 2020, and select a large latte with extra froth. As you switch open a browser to check Hackaday, the machine beeps. Then the built-in grinder cranks up to 100, the milk frother begins to whir, and the machine starts spraying water. Frantic, you look at the display for an error code and instead see a message instructing you to send $75 to a bitcoin wallet, lest your $300 machine become a doorstop.

Outlandish though it may seem, this has become quite a real possibility, as [Martin Hron] at the Avast Threat Labs demonstrates. In fact, he could probably make your modern macchiato machine do this without setting foot in your house (so long as it comes with a built-in ESP8266, like his did).

Building on others’ work that identified the simple commands that control the machine over it’s WiFi connection (nothing says “brew me a nice cup o’ joe” like 0x37), [Martin] reverse-engineered the Smarter Coffee companion app to extract and reverse engineer its firmware. He was actually able to find the entire firmware image packaged within the app- relatively uncommon in the world of Over-The-Air (OTA) updates, but convenient in this case. Using Interactive Disassembler (IDA) to sift through the firmware’s inner workings, he identified the functions that handle all basic operations, including displaying images on the screen, controlling the heating elements, and of course, beeping. From there, he modified the stock firmware image to include some malicious commands and ran an OTA update.

The mind-boggling part here is that not only was the firmware transmitted as unencrypted plaintext over unsecured WiFi, but the machine didn’t even require a user to confirm the update with a button press. With one quick reboot, the trap was set. The machine operated normally, while waiting for “Order 66,” causing it to turn all the heating elements on, spool up the built-in grinder, and beep. Constantly.

While a broken coffee machine seems relatively innocuous, there are some pretty significant lapses in hardware/firmware security here that, while avoidable, almost seem unnecessary in the first place. It makes us wonder- why does Mr. Coffee need a smartphone in the first place?

Continue reading “WiFi Hacking Mr. Coffee”

Embedding A Smart Switch In A Java Factory

When you need coffee, you don’t need any hassles standing between you and caffeination. Especially ironic hassles, like having to do more to turn on appliances inside of home automation schemes than you did without them.

[Maurice Makaay] bought a smart plug to add this beautiful drip coffee machine to his Z-Wave setup, but it isn’t all that smart. Starting the brew remotely means making sure that both the machine’s power switch and the smart plug switch are on. Some members of the household still like making their coffee the old-fashioned way, so [Maurice] came up with a smart, single switch solution to satisfy both cases.

The answer comes in the form of a Z-Wave switch that takes dual inputs and is small enough to fit inside the machine. After a lot of searching around for compatible, splash-proof parts, [Maurice] replaced the existing on/off rocker with a momentary rocker for making coffee manually. That switch labeled ‘extra heet’ used to turn the warming burner on and off. Since he never uses the burner, the switch receptacle now houses a power indicator light.

[Maurice] went about this mains appliance hack the right way — he used extra thick wires connected with lever nuts, and kept the machine’s equally beautiful spare parts and safety documentation by his side the whole time. A person could probably become a lot more comfortable with the idea of installing these by looking over [Maurice]’s pictures of the process.

You know how coffee makes everything better? Turns out ‘everything’ includes printer filament.

Protect Your Coffee Machine With A Filter Monitor

Coffee machines are delicate instruments, likely to be damaged by limescale. Thus they will often have a filter present, but filters have a limited capacity of water upon which they can be effective. At Make Bournemouth, they have approached the problem of when to change filters on their coffee machine by applying a bit of high-tech.

The water passing through the filter is monitored by a couple of DFRobot TDS modules, a flow meter, and a DS18B20 temperature sensor. The data from these is fed into an ESP32 dev board, which makes it available by a web interface for handy accessibility through a smartphone. It can then be used to work out how much of the filter’s capacity has been used, and indicate when a replacement is needed. All the code is available in a GitHub repository, and with luck now Bournemouth’s hackerspace will never see the coffee machine succumb to limescale.

Of course, this isn’t the first coffee maker water hack we’ve brought you. A year or two ago we told you about somebody making their pod coffee maker auto-fill too.

Brasilia Espresso Machine PID Upgrade Brews Prefect Cup Of Energy

Coffee, making and hacking addictions are just bound to get out of control. So did [Rhys Goodwin’s] coffee maker hack. What started as a little restoration project of a second-hand coffee machine resulted in a complete upgrade to state of the art coffee brewing technology.

coffee_hack_arduinoThe Brasilia Lady comes with a 300 ml brass boiler, a pump and four buttons for power, coffee, hot water and steam. A 3-way AC solenoid valve, wired directly to the buttons, selects one of the three functions, while a temperamental bimetal switch keeps the boiler roughly between almost there and way too hot.

To reduce the temperature swing, [Rhys] decided to add a PID control loop, and on the way, an OLED display, too. He designed a little shield for the Arduino Nano, that interfaces with the present hardware through solid state relays. Two thermocouples measure the temperature of the boiler and group head while a thermal cut-off fuse protects the machine from overheating in case of a malfunction.

Also, the Lady’s makeup received a complete overhaul, starting with a fresh powder coating. A sealed enclosure along with a polished top panel for the OLED display were machined from aluminum. [Rhys] also added an external water tank that is connected to the machine through shiny, custom lathed tube fittings. Before the water enters the boiler, it passes through a custom preheater, to avoid cold water from entering the boiler directly. Not only does the result look fantastic, it also offers a lot more control over the temperature and the amount of water extracted, resulting in a perfect brew every time. Enjoy [Rhys’s] video where he explains his build:

Continue reading “Brasilia Espresso Machine PID Upgrade Brews Prefect Cup Of Energy”

Hacking A Coffee Machine

The folks at Q42 write code, lots of it, and this implies the copious consumption of coffee. In more primitive times, an actual human person would measure how many cups were consumed and update a counter on their website once a day. That had to be fixed, obviously, so they hacked their coffee machine so it publishes the amount of coffee being consumed by itself. Their Jura coffee machine makes good coffee, but it wasn’t hacker friendly at all. No API, no documentation, non-standard serial port and encrypted EEPROM contents. It seems the manufacturer tried every trick to keep the hackers away — challenge accepted.

The folks at Q42 found details of the Jura encryption protocol from the internet, and then hooked up a Raspberry-Pi via serial UART to the Jura. Encryption consisted of taking each byte and breaking it up in to 4 bytes, with the data being loaded in bit positions 2 and 5 of each of the 4 bytes, which got OR’ed into 0x5B. To figure out where the counter data was stored by the machine in the EEPROM, they took a data dump of the contents, poured a shot of coffee, took another memory dump, and then compared the two.

Once they had this all figured out, the Raspberry-Pi was no longer required, and was replaced with the more appropriate Particle Photon. The Photon is put on a bread board and stuck with Velcro to the back of the coffee machine, with three wires connected to the serial port on the machine.

If you’d like to dig in to their code, checkout their GitHub repository. Seems the guys at Q42 love playing games too – check out 0h h1 and 0h n0.

Thanks [Max] for letting us know about this.