Jailbreaking your connected coffee machine: The idiocy of things

How many more of these IoT devices that use DRM technology to validate the use of proprietary refills do we have to endure?
Written by Jason Perlow, Senior Contributing Writer

The Internet of Things (IoT) is awesome. I love my smart devices when they make my life easier.

That's supposed to be the point of connected devices, which is to add sensor capability, remote operation, and data gathering that benefits the end-user.

Yes, that data is valuable to the device manufacturer, too, which runs cloud services in order to make that product work. And it's a huge liability should that data make it out into the wild. But that's the cost of IoT.

I have a lot of connected devices in my home. Thermostats, lighting, fans, electrical switches, garage door openers, and even my swimming pool/spa heater and pump. And, of course, my smart speakers, such as my Amazon Echo devices and Sonos devices.

Pretty much all these things -- with the exception of the Amazon Echo, which uses AWS for virtually everything -- can act as regular dumb devices that can be operated manually in the event they lose connectivity.

But, increasingly, I am starting to see smart devices that not only rely on connectivity for basic functionality but use networking and sensors in order to prevent end-users from actually getting the most out of their devices.

Specifically, I am talking about smart appliances that depend on refillable supplies. In information technology, the most notable offender is Hewlett-Packard small/home office printers, which not only use proprietary ink and toner cartridges that are specific to each model but employ validation technology to determine that the refills are in fact genuine OEM parts, and it will disable third-party cartridges if detected.

Read also: BlackBerry teams with Fleet Complete to push Radar IoT platform | Finding IoT's untapped potential in the rental market | What will it take to scale IOT globally?

Why does HP do this? Well, the consumable supplies business for printers is huge. The company essentially sells the printers at extremely low margins in order to make up for it in consumables -- that's why the devices are so cheap and the refills cost almost as much as the printer itself.

Sometimes it is actually cheaper to buy a new printer with an included ink cartridge than to buy a refill.

Hewlett-Packard is probably the worst offender in this group, but it isn't the only one. Consumer devices are also getting in on the act.

The most notable example is Keurig, which is one of the most popular pod-based coffee machines on the market. Keurig's parent company is Green Mountain, which is a coffee distributor and producer. It also developed the K-Cup standard that the Keurig machines use.

Now, it's bad enough that the K-Cup has to be licensed in order for third-parties to legally produce them. Newer-generation Keurig machines actually scan and validate the supplies using digital rights management (DRM) before brewing.

If the machine detects an unauthorized K-cup, no brew for you. But resourceful end-users have figured out how to bypass that DRM with a simple hack using a previously used K-cup and a small amount of tape. There is also another hack that opens up additional brewing choices with the use of a small magnet.

Great. I love having to jailbreak my coffee machine at 7am every morning.

Another company that uses proprietary coffee pods is Nespresso. But instead of using technology to block third-party pod makers, it has traditionally done it through the supply chain; you can only buy pods directly from Nespresso on its coffee club web site, retail shops, or via authorized resellers like Amazon.

Interestingly, I am OK with this approach. But I am not OK when technology prevents users from using products -- like that is used in the company's new VertuoLine pods and brewers.

Now, the Keurig brewer isn't exactly an IoT device, because it has no connectivity. But that's clearly the next step.

Recently, Juicero, which went through initial Kickstarter seed funding, attempted to bring a $400 internet-connected juice machine to market. It used proprietary juice bags that you had to buy from Juicero.

The company ended up closing shop 18 months after it was founded when it was determined that you didn't actually need the machine to get the juice out of the bags.

You would think companies would learn from the Juicero experience. But apparently not.

Technology we hate with a passion

Recently, I started playing with a new coffee machine from Europe, the $800 Bonaverde Berlin.

Now, the Berlin is a very cool piece of technology. It has an integrated coffee bean roaster and grinder so that you start out with green coffee beans and the end-product is as fresh tasting as you can possibly get. You definitely taste a difference when the coffee has been roasted only minutes before.

But there are a number of things wrong with this machine. First, it only makes drip coffee -- and when you consider that mid-range semiautomatic prosumer espresso/cappuccino machines can be bought for under $600, that is extremely expensive for what is essentially a high-tech version of a Mr. Coffee that you can buy for $16 on Amazon.

Second, you have to buy your coffee from Bonaverde. The machine requires the green coffee beans to be packaged in disposable paper filters, which have an RFID tag on them that identifies the varietal.

Future versions of the machine will take this even further by using a built-in 3G and Wi-Fi connection to access cloud services that will instruct the machine on the proper roast profile, and it will also order its own supplies. It will also allow you to control the machine using an app or other third-party connected services.

Coffee is brewed by emptying the green bean contents of the filter pack into the roaster hopper, then passing the RFID tag on the filter pack under a scanner on the front of the machine, and hitting a brew button to start the process.

The machine has no manual brew features or any other controls. The only thing you can set manually is the grind level and how much water is placed in the reservoir tank, which is used up completely after each brew.

Read also: AT&T rolls out IoT management platform for enterprises | How IoT is helping this offshore driller gain efficiencies Hive thinks it knows how to get the smart home buzzing

I hear what you are thinking: Just re-use the RFID tags and buy the beans from Sweet Maria's, right? Problem solved. Nope. Each RFID tag can only be used once -- the machine's memory apparently keeps track of each serial number and each brew cycle.

Look, I understand the value of having refills that are authenticated and genuine and being able to automatically program a machine to fit the brewing and roasting profile of that consumable. However, you still need to be able to give end-users a choice of where to buy their basic consumables from.

More often than not, a consumer will choose to buy supplies from the original manufacturer when customer service is good and they are rewarded for loyalty, such as through club and subscription programs.

If you cannot demonstrate the value of your own supplies without using technology to lock out the competition, then you are doing it wrong.

Internet of Things plus Digital Rights Management is the Idiocy of Things. There's no value-add to this approach.


Alexa, Cortana, Google, Siri user? Watch out for these inaudible command attacks

For as little as $3, an attacker can silently tell any voice assistant to open up a malicious webpage.

16 technical Alexa skills IT pros should know (TechRepublic)

Alexa offers an array of functions to serve as a helpful technical guide. The skills in this list can help you with things like network diagnostics, IP address lookups, and programming questions.

Editorial standards