No Comments

Free coffee? Researcher manipulates Nespresso’s giftcard system and inserts more than €167 thousand in his card


Automated Nespresso coffee machines in Europe, can be easily manipulated to get “free coffee”, as the company continues to use a smartcard system, extremely vulnerable and nothing suited to industry standards, informs Belgian information security researcher Polle Vanhoof.

The researcher explains that some self-service machines, Nespresso Pro, use a card payment system, equipped with Proximity Field Communication (NFC) developed by Mifare (extremely vulnerable).

Card equipped with NFC Mifare Classic, used by the researcher. Photo: Polle Vanhoof.
Card equipped with NFC Mifare Classic, used by the researcher. Photo: Polle Vanhoof.

Also in March 2008, security researchers linked to the Dutch university, Radboud Nijmegen, were able to clone and manipulate Mifare Classic chip data. Vanhoof comments that the discovery drew a lot of attention at the time, mainly because the technology was used in the payment system for public transport in the Netherlands.

The technology, vulnerable since 2008, is still widely used by companies around the world. A brief survey on import sites and online stores you can find several Mifare NFC options being sold at low pricessuch as tags, badges and access cards.

“Since the publication of this research, the Mifare Classic series is considered unsafe and must not be used to perform safety-sensitive work. Mifare offers alternatives to its Classic series, with Mifare Plus being the immediate replacement for Mifare Classic with a certified security level (based on AES-128) that is fully compatible with Mifare Classic ”, explains the researcher.

Knowing the vulnerability of the Mifare Classic system, Vanhoof decided to test the integrity of payments on Nespresso Pro and his blog, reported the entire reverse engineering process employed in the research.

Using an NFC reader and a little Python, Vanhoof managed to break the basic system encryption and manipulate its data. First, he made a purchase, to understand how the card handles payments. After, changed the code where the credits are stored and inserted more than EU € 167 thousand in the “smart card”.

Reader is too small to display the entire 167,772.15 number, which is equivalent to the value in Euros, inserted in the tag. Photo: Polle Vanhoof.
Reader is too small to display the entire 167,772.15 number, which is equivalent to the Euro value inserted in the tag. Photo: Polle Vanhoof.

The main vulnerability of this system is that credit information is stored in the tag itself and not in a central control system. The researcher justifies that Mifare Classic tags are very cheap and easy to install, but it is necessary to consider their lack of security.

“This is a very simple and economical design, requires less hardware and software to be implemented, making it a likely choice for anyone developing such a system, unaware of the security weaknesses of the Mifare Classic“, writes.

One of the solutions presented by the researcher is to store the credit information on a remote, protected and encrypted system, instead of storing it on the user’s card. According to the researcher, Nespresso is working on a fix for the problem.

Source: Polle Vanhoof.

See the original post at:

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.