Nespresso Prepaid Vending Machines Hacked by a Belgian Researcher for Free Coffee


Polle Vanhoof, a Belgian cybersecurity researcher, discovered a flaw in the smart cards used by older Nespresso prepaid coffee machines and exploited the vulnerability to obtain virtually limitless free drinks.

Vanhoof reported the vulnerability in the Nespresso coffee machine smart cards to the company back in September 2020 and openly praised Nespresso's handling of the issue. Now, with Nespresso's approval, he has published his article on the flaws in the payment system. Nespresso is unperturbed that other coffee vendors could exploit this vulnerability to their advantage, because the method only works against the older payment cards that have a network connection.

Modus operandi of this hack

The Nespresso payment system is built on a 'stored-value wireless payment card', which is similar to, but distinct from, how a modern credit card works. Here 'wireless' means the card uses Near Field Communication (NFC), the same technology found in credit cards, modern door-access cards, and nearly every passport issued in the past decade.

When an NFC card is held close to an NFC reader, the card is powered up by the electromagnetic field emitted by the reader (which itself must be connected to a power supply): the card's antenna, a metal coil, produces a current as the magnetic field passes through it. The small amount of electrical energy captured by the card is enough for a short wireless exchange of cryptographic data with the reader. This means NFC cards need no battery, so they can be tiny, flat, light, and cheap.

Vanhoof disclosed that the older Nespresso cards are built on the Mifare Classic NFC chip, and that this chip's cryptography is not strong enough, which is what makes the cards vulnerable. An NFC card must strike a delicate balance between very low power consumption and cryptographic strength, and in the case of Mifare Classic that balance tips in the attacker's favour. Instead of a well-established, publicly documented algorithm such as AES-128, Mifare Classic relies on a stripped-down proprietary 48-bit cipher called Crypto1.
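The core of the problem described above is that a stored-value card keeps the balance on the card itself, and a weak card cipher means the vending machine cannot rely on the card to prevent that balance from being rewritten. The following is an added example, not Nespresso's data format or the researcher's code: it models a reader that seals the balance record with a keyed MAC (HMAC-SHA256, truncated to one 16-byte block) computed over the card UID, a write counter and the balance, using a secret that lives only in the reader or back end. The record layout, the UID, the secret and the function names are all assumptions constructed for the demonstration. Because the tag depends on a secret the card never holds, a balance that is edited on the card fails verification regardless of how weak the card's own cipher is; the write counter, combined with reader-side state, also catches a card restored to an earlier valid snapshot.

```python
"""Stored-value record with a reader-side integrity tag (added example)."""
import hmac
import hashlib
import struct
from typing import Optional, Tuple

# Hypothetical record layout (assumption, not a real card format):
# 4-byte big-endian write counter followed by a 4-byte big-endian balance in cents.
RECORD_FMT = ">II"
RECORD_LEN = struct.calcsize(RECORD_FMT)
TAG_LEN = 16  # truncated HMAC-SHA256; fits one 16-byte Mifare Classic block

# Assumption: this secret is stored only in the vending machines / back end,
# never on the card. Constructed demo value.
READER_SECRET = b"constructed-demo-secret-do-not-reuse"

# Constructed 4-byte UID in the style of a Mifare Classic NUID; not a real card.
DEMO_UID = bytes.fromhex("deadbeef")


def _tag(secret: bytes, uid: bytes, record: bytes) -> bytes:
    """Keyed tag binding the record to this specific card's UID."""
    return hmac.new(secret, uid + record, hashlib.sha256).digest()[:TAG_LEN]


def seal(uid: bytes, counter: int, balance_cents: int,
         secret: bytes = READER_SECRET) -> bytes:
    """Bytes the reader writes to the card: record || tag."""
    record = struct.pack(RECORD_FMT, counter, balance_cents)
    return record + _tag(secret, uid, record)


def verify(uid: bytes, blob: bytes,
           secret: bytes = READER_SECRET) -> Optional[Tuple[int, int]]:
    """Return (counter, balance) if the tag is valid for this UID, else None."""
    record, tag = blob[:RECORD_LEN], blob[RECORD_LEN:]
    if len(record) != RECORD_LEN or len(tag) != TAG_LEN:
        return None
    if not hmac.compare_digest(tag, _tag(secret, uid, record)):
        return None
    return struct.unpack(RECORD_FMT, record)


def charge(uid: bytes, blob: bytes, price_cents: int,
           last_counter_seen: Optional[int] = None,
           secret: bytes = READER_SECRET) -> Optional[bytes]:
    """Debit the card and return the new sealed blob, or None if it is rejected.

    last_counter_seen is the highest counter the reader (or back end) has
    previously recorded for this UID. A MAC alone cannot stop a card being
    restored to an earlier, still-valid snapshot; that needs this state, and
    a counter that has gone backwards is then rejected as a replay.
    """
    parsed = verify(uid, blob, secret)
    if parsed is None:
        return None  # forged or corrupted record
    counter, balance = parsed
    if last_counter_seen is not None and counter < last_counter_seen:
        return None  # replay of an older sealed record
    if balance < price_cents:
        return None  # insufficient funds
    return seal(uid, counter + 1, balance - price_cents, secret)


def rewrite_balance_without_secret(blob: bytes, new_balance_cents: int) -> bytes:
    """Model of a card whose sector was rewritten by someone lacking the reader
    secret: the balance field changes but the tag cannot be recomputed."""
    counter = struct.unpack(RECORD_FMT, blob[:RECORD_LEN])[0]
    return struct.pack(RECORD_FMT, counter, new_balance_cents) + blob[RECORD_LEN:]


if __name__ == "__main__":
    card = seal(DEMO_UID, 0, 1000)                       # top-up of 10.00
    after = charge(DEMO_UID, card, 250)                   # buy a 2.50 coffee
    print("after purchase:", verify(DEMO_UID, after))     # (1, 750)
    forged = rewrite_balance_without_secret(after, 10**6)
    print("edited balance accepted?", verify(DEMO_UID, forged) is not None)  # False
    print("replayed top-up accepted?", charge(DEMO_UID, card, 250, last_counter_seen=1) is not None)  # False
```

The tag only addresses integrity of the balance; it does not hide the balance or protect the card's own access keys, and replay detection still depends on the reader or back end remembering the last counter per UID, which is exactly the kind of state an offline machine may lack.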