A research team at the Hagenberg campus in Austria has a security flaw discovered in a food processor with cooking and WiFi function. The machine is similar to the well-known Thermomix from Vorwerk and was sold under the names Ambiano or Quigg by Hofer and Aldi. The WLAN function can be activated via a button on the machine, via which the machine can be remotely controlled via the app.
However, this connection can easily be adopted, as Florian Hehenberger, Markus Zeilinger and Dieter Vymazal have found out. In this way, the device can be remotely controlled or possibly even destroyed. This only works within the range of the WLAN and only if it has been activated beforehand. The food processor also deactivates the WLAN in standby mode or when it is switched off. After Hofer had not fixed the security gap within three months of being notified by the research team, the team published the security gap and the description of its proof of concept (PoC).
According to the research team, the set up WLAN of the kitchen machines always begins with the character string “KM2017Wi”. After this, the team scanned with a script that is to be published at a later date, and tried to connect. Since the food processor only allows one WLAN connection, any existing connection must be disconnected with a deauth command. The command is part of the WLAN standard 802.11 and prompts selected or all devices to disconnect from a WLAN. According to the Federal Network Agency, however, such deauthers are not used “not permitted”.
If there is no longer a connection to the food processor, a connection can be established via the unprotected WLAN. The machine can then be remotely controlled and heated, for example. A heating process is actually only allowed if the stirring unit of the device is active and possible up to a target temperature of 120 ° C. However, the researchers were able to circumvent these restrictions and increase the temperature up to 140 ° C without the stirring unit being active.
Damage to the device is also possible if the direction of rotation is changed every 1.5 seconds at full speed. “In order not to actually damage our test device, we did not test this extensively. However, we assume that this procedure will sooner or later lead to mechanical damage to the food processor”, explained the scientists. A solution to the vulnerability is currently not in sight, the researchers meanwhile recommend “not to activate the WLAN function of the food processor and thus to forego remote control via the app.”