Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that’s been known to be insecure for more than a decade.
In a coordinated vulnerability disclosure published this week, Polle Vanhoof, a security researcher, describes a vulnerability affecting unspecified Nespresso Pro machines equipped with a smart card reader: the problem? Some rely on outdated Mifare Classic smart cards.
As Vanhoof explains, Mifare Classic smart cards have not been a particularly smart choice since 2008, when security researchers from Radboud University Nijmegen reverse engineered the chip on the cards and published their findings.
Perth SmartRider public transport cards popped by student researchers
At the time the disclosure was made, chip maker NXP Semiconductor advised customers to adopt its Mifare Plus cards, which rely on more robust encryption (AES-128). Some of Nespresso’s coffee cards nonetheless have been based on the insecure Mifare Classic technology.
Using an NFC card reader, nfc-mfclassic (a Mifare Classic command line tool), a version of mfoc (a Mifare Classic offline key cracking tool) that he patched to work properly, and a Python analysis script, Vanhoof cracked the weak encryption and dumped the card’s binary.
He then made a coffee purchase to see where the binary data changed, reflecting a credit deduction.
“We are working on the assumption that the value of the card is kept on the card itself rather than on some centralized server,” said Vanhoof. “This is a much simpler and cost effective design, requiring less hardware and software to implement, making it a likely choice for anyone developing such a system unaware of the security weaknesses of the Mifare Classic.”
Having identified the binary data on the card that changed with a purchase event, Vanhoof was able to alter the three bytes used to store monetary value and write the a value (€167,772.15) back to the card using the nfc-mfclassic tool. That would be a lot of coffee if he was unethical.
The Register emailed Vanhoof seeking comment but he declined.
Vanhoof, in his post, advised Nespresso to upgrade its smart cards and to store monetary value on a remote server rather than on the smart card itself. “After talking to Nespresso, it seems they already offer both of these options,” he said.
We asked Nespresso to clarify which of its machines might still rely on Mifare Classic cards, but we’ve not heard back. ®