{"id":17890,"date":"2021-02-04T12:25:57","date_gmt":"2021-02-04T12:25:57","guid":{"rendered":"https:\/\/bartalks.net\/?p=17890"},"modified":"2021-08-19T16:56:14","modified_gmt":"2021-08-19T16:56:14","slug":"nespresso-commercial-machines-hacked-for-unlimited-coffee","status":"publish","type":"post","link":"https:\/\/bartalks.net\/nespresso-commercial-machines-hacked-for-unlimited-coffee\/","title":{"rendered":"NESPRESSO COMMERCIAL MACHINES HACKED FOR UNLIMITED COFFEE"},"content":{"rendered":"\n<p>Readers will know we like our technology here at Bartalks, even if we can&#8217;t always get it to work. It appears Nespresso has their struggles as well after Polle Vanhoof, a security researcher loaded his Nespresso smart card with \u20ac167,772.15 without spending a cent.<\/p>\n\n\n\n<p>The hack does involve some technical skill so it&#8217;s out of reach for many of us, but IT unethical IT geeks will be paying attention.<\/p>\n\n\n\n<p>The hack works simply by changing the value on the card using free sofware such as nfc-mfclassic that Vanhoof modified. The data uses weak encryption which the software can then crack, and since there is no validation of the card back to a central location, nobody is the wiser.<\/p>\n\n\n\n<p>Vanhoof observed what binary elements changed on the card after making a purchase. Once he had that information, it was simply a case of changing that binary code to represent a bigger number &#8211; in this case \u20ac167,772.15.<\/p>\n\n\n\n<p>At the time the findings were made public, the smart card manufacturer, NXP Semiconductor advised customers to adopt its Mifare Plus cards, which rely on the more secure encryption (AES-128)<\/p>\n\n\n\n<blockquote class=\"wp-block-ugb-blockquote ugb-blockquote ugb-3344da6 ugb-blockquote--v3 ugb-blockquote--design-plain ugb-main-block\"><style>.ugb-3344da6 .ugb-blockquote__quote{width:70px !important;height:70px !important}.ugb-3344da6 .ugb-blockquote__text{font-size:15px !important}<\/style><div class=\"ugb-inner-block\"><div class=\"ugb-block-content\"><div class=\"ugb-blockquote__item\"><svg viewbox=\"0 0 50 50\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"ugb-blockquote__quote\" width=\"70\" height=\"70\"><path d=\"M22.6 12.8c-1.9.5-3.7 1.2-5.3 2.1-1.6.9-3.1 1.9-4.3 3-1.2 1.1-2.2 2.4-2.9 3.7-.7 1.3-1.1 2.7-1.1 4 0 1.2.1 1.8.3 1.8.8 0 1.5-.3 2.4-.9.8-.6 1.9-.9 3.3-.9 2.1 0 3.9.8 5.4 2.4 1.5 1.6 2.3 3.7 2.3 6.2s-1 4.6-2.9 6.4c-1.9 1.8-4.3 2.6-7.3 2.6-1.8 0-3.4-.4-4.9-1.1-1.5-.8-2.8-1.8-3.9-3.1s-2-2.8-2.6-4.6C.3 32.5 0 30.6 0 28.6c0-3 .6-5.8 1.8-8.3 1.2-2.5 2.8-4.8 4.9-6.7 2-1.9 4.4-3.5 7.2-4.6 2.8-1.2 5.6-1.8 8.6-2v5.8zm27.4 0c-1.9.5-3.7 1.2-5.4 2.1-1.7.9-3.1 1.9-4.3 3-1.2 1.1-2.2 2.4-2.9 3.7-.7 1.3-1.1 2.7-1.1 4 0 1.2.1 1.8.4 1.8.8 0 1.5-.3 2.3-.9.8-.6 1.9-.9 3.3-.9 2 0 3.8.8 5.3 2.4 1.5 1.6 2.3 3.7 2.3 6.2s-1 4.6-2.9 6.4c-2 1.8-4.4 2.6-7.3 2.6-1.7 0-3.3-.4-4.8-1.1-1.5-.8-2.8-1.8-3.9-3.1s-2-2.8-2.7-4.6c-.7-1.8-1-3.7-1-5.7 0-3 .6-5.8 1.8-8.3 1.2-2.5 2.8-4.8 4.9-6.7 2-1.9 4.4-3.5 7.2-4.6 2.8-1.2 5.7-1.8 8.8-2v5.7z\"><\/path><\/svg><div class=\"ugb-blockquote__content\"><p class=\"ugb-blockquote__text\">We are working on the assumption that the value of the card is kept on the card itself rather than on some centralized server,&#8221; said Vanhoof. &#8220;This is a much simpler and cost effective design, requiring less hardware and software to implement, making it a likely choice for anyone developing such a system unaware of the security weaknesses of the Mifare Classic.<\/p><\/div><\/div><\/div><\/div><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Polle Vanhoof, a security researcher loaded his Nespresso smart card with \u20ac167,772.15 without spending a cent<\/p>\n","protected":false},"author":10,"featured_media":17892,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_gspb_post_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[3],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/posts\/17890"}],"collection":[{"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/comments?post=17890"}],"version-history":[{"count":0,"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/posts\/17890\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/media\/17892"}],"wp:attachment":[{"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/media?parent=17890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/categories?post=17890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bartalks.net\/wp-json\/wp\/v2\/tags?post=17890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}