Keurig 2.0 spoofing vulnerability: Hack bypasses coffee DRM, allows brewing of any pod

Thou shalt not use coffee DRM!

I don’t know about you, but I’m not a morning person. Please do not present me with a problem or other drama first thing in the morning because I have zero, zippy, negative, none in the brain functioning department until I’ve had coffee. Since I don’t process problems well until caffeine is pumping through my system, the last thing I want to see is a coffee machine displaying an error message that tells me, “Oops!”

Motley Fool / Keurig

Are you more attached to your coffee machine or your coffee brand? Many coffee drinkers are loyal to a specific brand. But as Click2Houston’s Amy Davis explained, “If you buy the new Keurig 2.0, you are married to one brand because the new machines will only brew Keurig brand coffee pods.”

Randy Read

When Keurig’s patent expired in 2012, all sorts of coffee companies jumped on the opportunity and created their own pods. Keurig was losing market shares, so boom, say hello to Keurig 2.0 and Digital Rights Management (DRM) for coffee. It effectively locked out all of Keurig’s competitors because a tiny camera inside the $200 Keurig 2.0 machine scans for Keurig’s logo on the pod’s label. Sure it still pokes a hole in any coffee pod, but instead of brewing it, using any of Keurig’s competitors’ pods results in the error message:

Oops! This pack wasn’t designed for this brewer. Please try one of the hundreds of packs with the Keurig logo.

Ry Crist/CNET

So it seemed delightful to run across “Keurig 2.0 Genuine K-Cup Spoofing Vulnerability” on the Full Disclosure mailing list. “Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.” In essence, as Caffeine Security’s Ken Buckler explained, “The Keurig 2.0 does not verify that the K-Cup foil lid used for verification is not re-used.”

The amusing vulnerability write-up states:

Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.

Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.

Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an “oops” error message stating that the K-Cup is not genuine.

Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.

Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.

Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.

According to the proof-of-concept posted on KeurigHack.com, you need only one piece of tape to hack the 2.0 brewer; it’s an “easy, permanent fix.”

Thank you, Ken Buckler, Full Disclosure and KeurigHack for starting my day with a smile. Actually, there have been numerous hacks or modifications posted on YouTube since Keurig 2.0 decided to DRM coffee. Some hacks include magnets, such as this one, so that “all menu choices are unlocked for your use.” Other Keurig 2.0 hacks show how to unlock the “full menu to get more than 10 ounces of coffee from a standard K-Cup,” without using a magnet.

Previous Keurig machines, that brew any pod, will be discontinued in the first quarter of 2015. Some people feel that Keurig shot itself in the foot by DRMing coffee on the Keurig 2.0.

Keurig 2.0 uses methods that are similar to a printer that won’t use a compatible or refilled ink cartridge that is not its brand label of ink. Keurig’s system is not literally DRM, as Consumer Affairs noted. Keurig’s use of RFID K-Cup technology for its machines includes proprietary ink that was “inspired by counterfeiting technology used by the US Mint.” Without going into too much detail, Keurig’s vice president of brewer engineering explained “that an infrared light shines on the ink marking and registers the wavelength of the light reflected back.”

Kate Binette, PR spokesperson for Green Mountain Coffee Roasters, the parent company of Keurig, announced, “Each Keurig 2.0 brewer will have a camera that can ‘read’ a proprietary taggant material;” she added that it’s “similar to current anti-counterfeiting technology and will be ‘embedded on the lid of each Keurig brand pack’.” Then TreeHouse Foods filed a lawsuit (pdf) and said it would crack the Keurig 2.0 DRM and Mother Parker’s Tea & Coffee introduced its Keurig 2.0 compatible Marley Coffee RealCup.

DRM on music files, such as iTunes software had, now has Apple in legal antitrust hot water.  The case has thus far shown some the late Steve Job’s emails; when Apple filed a motion to dismiss the lawsuit, Judge Gonzales Rogers denied it and cited “a responsibility to the 8 million iPod owners potentially affected by Apple’s alleged monopoly.”

People tend to react better to subscription-based DRM when paying for access to music, not ownership such as with Spotify. But unless the coffee-fairy came, then you paid for your Keurig 2.0 Brewing System; it doesn’t seem unreasonable to expect it to brew cups or carafes of coffee, tea, expresso or hot chocolate – no matter the label on the pod.