Do you have this oilless fryer? Be careful, it has vulnerabilities that compromise your security
A team of researchers from the cybersecurity firm Cisco Talos has discovered two vulnerabilities that could allow a hacker to take control of this oilless fryer.
The smart home has become popular, and more and more people are enjoying its benefits. However, connected devices are not without risks and, like any device with an internet connection, their security can be compromised.
This is what has happened with a smart oilless fryer. A team of researchers from the security firm Cisco Talos has revealed the existence of two vulnerabilities affecting the Cosori Smart Air 5.5 liter CS158-AF version 1.1.0, a smart air fryer with a WiFi connection. It is for sale on Amazon Spain, among other distributors, so you may own one.
It is a very interesting dietary fryer because it has smart functions. Because it has an internet connection, it can be controlled through a mobile phone application, where it is possible to keep track of cooking, select the program or set a power-on timer, among other options.
Security researchers have found two remote code execution (RCE) vulnerabilities that could allow remote code injection into the appliance. “This could, hypothetically, allow an attacker to change the temperatures, cook times and settings of the fryer, or turn it on without the knowledge of the user,” the researchers explain.
Specifically, the vulnerabilities are CVE-2020-28592 and CVE-2020-28593, and they could be exploited through specially crafted traffic packets sent to the device. Of course, the team clarifies that, to exploit either of these vulnerabilities, the attacker would need physical access to the fryer.
Cisco Talos notes that it notified Cosori of these vulnerabilities, but that the company did not respond properly within the 90-day vulnerability disclosure period. The brand has not yet created a patch to fix these security holes, so if you have this fryer you are exposed to an attack.