While there’s no denying the success that Keurig Green Mountain has had with its K-Cup coffee machines, there are plenty of reasons to lament it. For starters, single-serve K-Cups are awful for the environment, and the coffee inside of them costs substantially more per pound (paywall) than even freshly roasted specialty coffee. But now, even loyal users of Keurig brewing systems are angry—and they’re fighting back by hacking the company’s new machines.
What’s bothering them is a feature in the company’s new Keurig 2.0 brewer. The machine has a tiny scanner that will reject any unlicensed K-Cup that does not bear the Keurig logo and a special digital ink. This means cheaper, generic alternatives are out, as are older pods, and popular, less wasteful reusable pods. The company argues that this is to ensure consistent quality. But that doesn’t seem to be much of a consolation to unhappy customers, who are experimenting with DIY attempts at cracking the Keurig code—and posting their advice on the internet.
Back in September, a site called KeurigHack.com uploaded a video guide (scored with “The Imperial March” from Star Wars) to a process that it claims is foolproof. It’s remarkably low tech. All you have to do is cut the foil top off of an already used, licensed K-Cup, and place it on top of the unlicensed one. Taping the portion of the licensed lid to the machine apparently offers a more permanent fix.
The method would presumably work with refillable pods as well. Searching YouTube turns up a large number of imitators and other, more elaborate solutions.
Meanwhile, on the digital security forum SecList, someone wrote up a method for hacking the machine, with what has to be intentional hilarity. It’s in the style of a security bug guide, complete with scores for the impact of the loophole.
Here’s the introduction to the guide:
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.
And here’s some of its tongue-in-cheek advice for Keurig 2.0 owners:
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
The sensors are all part of Keurig’s smart and thus far successful plan to restore its dominance in single-serve coffee. It hopes the new machines will be a big holiday seller.
We haven’t tested the more earnest advice we’ve seen on jailbreaking the brewing system, and we don’t endorse modifying the machine or pods. But the reaction to the new restrictions supports an axiom of the digital world. If you try to lock something down, it will be hacked.