Vanhoof found that he could easily crack the smart card and add unlimited funds to be used in the coffee dispensers. “This is a much simpler and cost-effective design, requiring less hardware and software to implement, making it a likely choice for anyone developing such a system unaware of the security weaknesses of the Mifare Classic,” Vanhoof explained in the disclosure. He added that storing the money on the card, rather than on a back-end server, would seem to make sense on the surface. In 2008, a paper entitled Dismantling Mifare Classic was published, flagging many issues.īut, that didn’t stop Nespresso from using the cards with its Nespresso Pro public machines, which are installed throughout Europe - despite updated alternatives being available, like the Mifare Plus smart cards, according to researcher Polle Vanhoof. The cards however have been widely panned as lacking in security for at least the past 12 years. Some of the commercial machines accept Mifare Classic stored-value smart cards, which allow users to load money onto the cards to use in the machines. Nespresso produces a range of coffees and machines for personal and professional use. Researchers have demonstrated how to outsmart Nespresso Pro machines that use certain smart cards, hacking them to dispense coffee on-demand.
