Nespresso Smart Cards Brewed with Weak Security
A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee.
Researchers have demonstrated how to outsmart Nespresso Pro machines that use certain smart cards, hacking them to dispense coffee on demand.
Nespresso produces a range of coffees and machines for personal and professional use. Some of the commercial machines accept Mifare Classic stored-value smart cards, which allow users to load money onto the cards to use in the machines. The cards, however, have been widely panned as lacking in security for at least the past 12 years. In 2008, a paper entitled "Dismantling Mifare Classic" was published, flagging many issues.
But that didn’t stop Nespresso from using the cards with its Nespresso Pro public machines, which are installed throughout Europe — despite updated alternatives being available, like the Mifare Plus smart cards, according to researcher Polle Vanhoof.
He added that storing the money on the card, rather than on a back-end server, would seem to make sense on the surface.
“This is a much simpler and cost-effective design, requiring less hardware and software to implement, making it a likely choice for anyone developing such a system unaware of the security weaknesses of the Mifare Classic,” Vanhoof explained in the disclosure.
Vanhoof found that he could easily crack the smart card and add unlimited funds to be used in the coffee dispensers.
Threatpost reached out to Nespresso for comment but hasn’t yet heard back.
A Whole Latte Security Flaws
Vanhoof explained that he used mfoc, a tool that cracks the Mifare Classic chip’s encryption and dumps the card’s contents to a separate file.
“While attempting to crack the keys for the Nespresso cards I encountered some bugs that would prevent the application from properly dumping the keys,” Vanhoof said. “I fixed the issues and submitted a pull request… but I do not expect that it will be merged given the state of the repository.”
Vanhoof directed other researchers doing this type of work to use a patched version.
He then ran the mfoc tool to crack non-default keys with the command [mfoc -P 500 nespressp.dmp].
“Before we continue, we manually grab the keys that were found and add them to a file [keys.txt],” Vanhoof added. “That way we can feed them into the tool and skip the cracking part for subsequent dumps.”
He loaded the card with €1.50 and made a binary dump using the previous keys. He then purchased coffee from a Nespresso machine, which lowered the card’s value, and made a second dump. Comparing the two dumps showed which bytes hold the monetary value.
“After doing some more testing and debugging, we come to the conclusion that the card uses 3 bytes to represent the total monetary value on the card,” Vanhoof said. “The maximum possible amount of money on one of these cards is therefore €167.772,15.”
Using the [nfc-mfclassic] tool, Vanhoof was then able to add money back onto the card.
To fix the bug, Vanhoof explained that Nespresso users should upgrade their smart cards. He added that updating the machines so that money values are stored on a centralized server, rather than on the card itself, would be a big improvement.
“After talking to Nespresso, it seems they already offer both of these options,” Vanhoof said. “Clients concerned with the security of their systems should look into these alternatives.”
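The centralized design recommended above, sketched as an added example (not code from Vanhoof's disclosure or from Nespresso): the server's ledger is authoritative, and the balance read from the card is only compared against it to flag tampering. The Ledger class, the card UID and the 50-cent price are hypothetical; the €1.50 top-up and the 3-byte limit come from the article.

```python
from dataclasses import dataclass, field

# A 3-byte field holds at most 2**24 - 1 cents, i.e. EUR 167,772.15.
MAX_CARD_CENTS = 2**24 - 1


@dataclass
class Ledger:
    """Hypothetical back-end ledger; the on-card value is treated as untrusted."""
    balances: dict = field(default_factory=dict)  # card UID -> cents (source of truth)
    alerts: list = field(default_factory=list)    # (uid, expected, reported) mismatches

    def top_up(self, uid, cents):
        new_total = self.balances.get(uid, 0) + cents
        if cents <= 0 or new_total > MAX_CARD_CENTS:
            raise ValueError("invalid top-up amount")
        self.balances[uid] = new_total

    def purchase(self, uid, price_cents, card_reported_cents):
        """Authorize against the ledger only; return True if coffee is dispensed."""
        expected = self.balances.get(uid, 0)
        if card_reported_cents != expected:
            # The card disagrees with the server: record it for investigation.
            self.alerts.append((uid, expected, card_reported_cents))
        if expected < price_cents:
            return False
        self.balances[uid] = expected - price_cents
        return True


def demo():
    """Constructed scenario: one honest purchase, then a card with a rewritten balance."""
    ledger = Ledger()
    uid = "04A1B2C3"          # constructed UID
    ledger.top_up(uid, 150)   # EUR 1.50, as in the article
    results = [ledger.purchase(uid, 50, 150)]  # card and ledger agree
    # The card now reports the maximum value; the ledger still decides.
    results += [ledger.purchase(uid, 50, MAX_CARD_CENTS) for _ in range(3)]
    return ledger, results


if __name__ == "__main__":
    ledger, results = demo()
    print("dispensed:", results)
    print("alerts:", ledger.alerts)
```

With the ledger deciding, a rewritten on-card balance buys nothing beyond what was actually paid in, and each mismatch leaves a record for review.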
Original Post: ThreatPost