Let us imagine that your Nespresso smart card had no limit to how much coffee you can buy with it. A little too convenient, isn’t it? Except, a security researcher, Polle Vanhoof explains a vulnerability that actually makes this possible.
See: How a coffee machine infected factory computers with ransomware
The problem lies with the Nespresso Pro machines which have been equipped with a smart card reader whose smart cards are still relying on the MIFARE Classic chip.
This is not exactly something that a company should overlook considering how security researchers reverse-engineered the chips, being able to clone and manipulate the date of the chip in 2008, and published their findings.
Nespresso smart card (Image source: Polle Vanhoof)
After this publication, the MIFARE Classic series was deemed unsafe and the company introduced a safer alternative, MIFARE Plus, which relies on more robust encryption (AES-128).
By the use of an NFC card reader, the nfc-mfclassic command, and mfoc (a software that cracks the encryption of MIFARE Classic chips), Vanhoof was able to access, view, and make changes to the card binaries.
See: White hat hacker infects smart coffee machine with ransowmare
By making a purchase with the card, Vanhoof identified which binaries change since the value of the card ..
Support the originator by clicking the read the rest link below.
