Security News > 2021 > February > Nespresso Smart Cards Brewed with Weak Security

Nespresso Smart Cards Brewed with Weak Security
2021-02-04 19:26

Researchers have demonstrated how to outsmart Nespresso Pro machines that use certain smart cards, hacking them to dispense coffee on-demand.

Some of the commercial machines accept Mifare Classic stored-value smart cards, which allow users to load money onto the cards to use in the machines.

The cards however have been widely panned as lacking in security for at least the past 12 years.

That didn't stop Nespresso from using the cards with its Nespresso Pro public machines, which are installed throughout Europe - despite updated alternatives being available, like the Mifare Plus smart cards , according to researcher Polle Vanhoof.

"While attempting to crack the keys for the Nespresso cards I encountered some bugs that would prevent the application from properly dumping the keys," Vanhoof said.

To fix the bug, Vanhoof explained Nespresso users should upgrade their smart cards.


News URL

https://threatpost.com/nespresso-smart-cards-weak-security/163675/