Discovery to make you smile. By offering a connected robot kitchen, the German company Vorwerk opened to security failures with its Thermomix. A group of cybersecurity experts did not take longer to discover open holes to take control of the aircraft, a TM5, so that you can start programs.
Informed by digital, the publication of Sinakiv, a company specialized in cybersecurity, explains in detail this feat, which shows that we should not worry about the few holes in the racket.
Physical access to the necessary device
To succeed in hacking the Thermomix TM5, these ethical pirates had to hack. It is first of all the way thermomix verifies the version of the internal software that allowed a first approach. This allowed the extraction of the encryption key to ineffective safeguards. Once in possession of this key, experts could inject malware. But first it was necessary to modify the card that contains the different components, dismantling the robot kitchen.
Once installed, the synakiv software itself, therefore, allows you to control the Thermomix, especially by launching programs without user action.
Sinakiv specifies that the pirate must have physical access to the device, which must then dismantle so that it can go beyond the Vorverk protections. In addition, the Themomix TM5 should not have received the correction update of the fault used (version 2.14). This was proposed after the expert team alert.
Therefore, remote access is not possible, which necessarily limits the interest of this failure, and that they should also reassure those who already imagine that their Thermomix will begin working alone.
If you pirate ready to smile, you should not hide the problem of connected objects and the threat they can represent if they are not designed correctly, especially in their firmware. Therefore, it is not recommended to buy USB keys or storage products in doubtful sites or unknown brands to prevent spy software from being there without prior notice.
Source: BFM TV
