Any IoT Device Can Be Hacked, Even Grills

As more and more household appliances and devices become Internet-capable, they also become vulnerable to potential exploitation.
For people who take grilling seriously, they now face the possibility of a ruined cookout - not because they picked the wrong cut of meat or didn't pay close enough attention to maintaining the ideal temperature, but because their grill was hacked.
Bishop Fox's Nick Cerne uncovered multiple vulnerabilities in certain types of Traeger grills, a widely recognized brand for grilling and smoking.
The affected ones come with the Traeger Grill D2 Wi-Fi Controller, an embedded device that allows the grill to be controlled via a mobile app.
The vulnerabilities could allow a remote attacker to issue commands to the grill such as obtaining details about the grill, including its serial number, or to shut it down altogether.
Setting aside the question of why any grill needs a mobile app, this kind of interference is not something most people expect when grilling.
Take the first vulnerability, with a severity score of 7.1, which is an insufficient authorization control issue in the API responsible for registering the grill.
Bishop Fox's research team was able to remotely shut down the grill and also to increase the temperature.
In this case, the researchers changed the temperature from 165 degrees Fahrenheit to 500 degrees Fahrenheit.
While the researchers were able to wake up the grill from its standby mode, manipulate the temperature, and shut it down, they were unable to identify a way to ignite the grill remotely.
The outcome of this research highlights something that is critical to ensuring the security of Internet of Things: the ability to fix the issue.
In this case, Traeger has automatic firmware updates for its grills.
This means that all Traeger grills affected by the insufficient authorization controls vulnerability and connected to the Internet have already been updated, without needing the grill owner to take any action.
The challenge with Internet of Things always has been what to do when vulnerabilities are found - users are not going to download updates and then figure out how to load them into devices like refrigerators, cameras, and, in this case, grills.
The fact that Traeger handles the task so that grill owners don't have to is critical.
More manufacturers have to develop update mechanisms to make it safe for users to use so many of these Internet-capable systems.
One thing to note is that any potential attacker would first need the target grill's unique 48-bit identifier.
This limits the pool of attackers to one near at hand -close enough to capture network traffic while the grill is being paired with the app, or close enough to scan the QR code on a sticker located on the grill.
This highlights the second thing about potential attacks against the Internet of Things: keeping an eye on what's happening to your devices, securing the network from guests, and keeping physical control of the devices help thwart exploitation attempts.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 03 Jul 2024 20:20:08 +0000


Cyber News related to Any IoT Device Can Be Hacked, Even Grills

Any IoT Device Can Be Hacked, Even Grills - As more and more household appliances and devices become Internet-capable, they also become vulnerable to potential exploitation. For people who take grilling seriously, they now face the possibility of a ruined cookout - not because they picked the ...
4 months ago Darkreading.com
IoT Security: Safeguarding Business IoT Devices - The security of IoT devices is of utmost importance as businesses increasingly rely on them to streamline operations and enhance productivity. In this discussion, we will explore the importance of IoT security in safeguarding business IoT devices and ...
9 months ago Securityzap.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
9 months ago Securityzap.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
10 months ago Securityzap.com
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
10 months ago Feeds.dzone.com
How To Improve Security Capacities of The Internet of Things? - The security of the Internet of Things is one of the main challenges of today. Many IoT assets could get an easy target to cyber attacks and it's highly recommended to somehow cope with these requirements. The best practice is something that would ...
9 months ago Cyberdefensemagazine.com
Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID - PRESS RELEASE. EAST BRUNSWICK, N.J., Feb. 14, 2024 /PRNewswire/ - Somos, Inc., an industry expert in identity management, fraudprevention and data services who is recognized as a leading provider of solutions that foster trust in voice and messaging, ...
9 months ago Darkreading.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
10 months ago Bleepingcomputer.com
Insights from Billington Cybersecurity Summit 2023: The Enhanced Threat Surface of 5G/6G & IOT - From September 5th to September 8th of 2023, Billington Cybersecurity hosted its 14th annual Cybersecurity Summit in Washington, D.C. Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S. government and ...
9 months ago Cyberdefensemagazine.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
9 months ago Bleepingcomputer.com
The Intersection of IoT and Financial Security: Expert Tips for Protection - Sophisticated Internet of Things technologies transformed the cybersecurity systems in financial services. Take credit cards as an example-commercial banks significantly cut the risk of skimming by replacing magstripe cards with chip-and-PIN cards. ...
10 months ago Securityboulevard.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv - The Security Service of Ukraine has asked owners and operators of webcams in the country to stop broadcasts from their devices over concerns about Russia's intelligence services using the feeds to conduct military reconnaissance against strategic ...
10 months ago Darkreading.com
CMDB: Device Visibility for Bank Security - Let us see how a device visibility and control software functions to automatically alert when a rogue or unauthorized device enters your network. Device visibility and control is a cybersecurity concept that refers to the ability to discover, ...
10 months ago Feeds.dzone.com
Securing Educational Robots: IoT Security in Robotics Education - As robotics continues to be integrated into educational settings, the use of educational robots powered by the Internet of Things presents exciting opportunities for enhancing learning experiences. With technological advancements come the critical ...
10 months ago Securityzap.com
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
10 months ago Bleepingcomputer.com
The key to connected care excellence - Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the ...
10 months ago Blog.checkpoint.com
MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks - A new variant of P2Pinfect has been observed targeting embedded IoT devices based on 32-bit MIPS processors, malware that aims to bruteforce Secure Shell access to these devices. Written in Rust, the P2Pinfect malware acts as a botnet agent, ...
11 months ago Packetstormsecurity.com
Embedded Linux IoT Security: Defending Against Cyber Threats - Embedded Linux IoT systems are now essential parts of many different kinds of products, from industrial machinery and smart appliances to medical equipment and automobile systems. As Embedded Linux is being used widely, it has attracted the attention ...
10 months ago Securityboulevard.com
Black Hat Europe 2023: Should we regulate AI? - The accelerated pace in the advancement of technology is challenging for any of us to keep up with, especially for public sector policymakers who traditionally follow rather than lead. Last week, the Black Hat Europe conference held in London, ...
11 months ago Welivesecurity.com
IoT Adoption in Healthcare: Security Opportunities and Benefits - The Internet of Things (IoT) is the technology that has increasingly become popular in various industries and has been gaining traction in the healthcare sector. With the rise of healthtech, the proliferation of connected medical devices, and the ...
1 year ago Csoonline.com
Coming Soon to a Network Near You: More Shadow IoT - News of former Microsoft head of product Panos Panay's exit caused a small stir in the tech industry when it was learned he would join Amazon to lead that company's product division. Precisely what Amazon and Panay have in mind for that ecosystem has ...
10 months ago Securityweek.com
Ho, Ho, Hoooold on a Minute: A New Year Resolution That IoT Isn't a Gift That Keeps on Taking - Internet of Things devices are a gift that give us tremendous power over our lives. They are an array of gadgets and systems created by companies large and small, with divergent ideas and standards of security and privacy. They entertain us, sustain ...
10 months ago Securityweek.com
What to do with that fancy new internet-connected device you got as a holiday gift - This sent me down a path of reconfiguring my home network and re-adding a bunch of devices to a new network. Even though this sounds like a totally basic skill for anyone who works in cybersecurity, it was a big deal for me to set up a separate ...
10 months ago Blog.talosintelligence.com
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware - Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. BleepingComputer has learned there is more to this attack, with threat actors ...
8 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)