{"id":4328,"date":"2024-07-03T14:55:50","date_gmt":"2024-07-03T19:55:50","guid":{"rendered":"https:\/\/www.darkreading.com\/iot\/any-iot-device-can-be-hacked-even-grills"},"modified":"2024-07-03T14:55:50","modified_gmt":"2024-07-03T19:55:50","slug":"any-iot-device-can-be-hacked-even-grills","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/03\/any-iot-device-can-be-hacked-even-grills\/","title":{"rendered":"Any IoT Device Can Be Hacked, Even Grills"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt7ebeddd5be84c81f\/6685ac98fb5061889678f5a7\/ruined_tofu_bbq_bishop_fox.png?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As more and more household appliances and devices become Internet-capable, they also become <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/physical-security\/get-ready-for-realistic-attacks-on-the-internet-of-things\" rel=\"noopener\">vulnerable to potential exploitation<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. 
People who take grilling seriously now face the possibility of a ruined cookout \u2014 not because they picked the wrong cut of meat or didn\u2019t pay close enough attention to maintaining the ideal temperature, but because their grill was hacked.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Bishop Fox\u2019s Nick Cerne uncovered multiple vulnerabilities in certain types of Traeger grills, a widely recognized brand for grilling and smoking. The affected ones come with the Traeger Grill D2 Wi-Fi Controller, an embedded device that allows the grill to be controlled via a mobile app. The vulnerabilities could allow a remote attacker to issue commands to the grill, such as obtaining details about it, including its serial number, or shutting it down altogether.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Setting aside the question of why any grill needs a mobile app, this kind of interference is not something most people expect when grilling. Take the first vulnerability, with a severity score of 7.1 (high), which is an insufficient authorization control issue in the API responsible for registering the grill. Bishop Fox\u2019s research team was able to remotely shut down the grill (belonging to an employee not on the research team) and also to increase the temperature. 
In this case, the researchers changed the temperature from 165 degrees Fahrenheit to 500 degrees Fahrenheit.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cInstead of being smoked into a delicious meal, the tofu was reduced to a blackened, inedible crisp,\u201d the Bishop Fox team wrote in a research note. \u201cThe lack of authorization controls could be used to antagonize Traeger grill owners by setting the temperature to the maximum of 500 degrees Fahrenheit for the remainder of a cooking cycle, ruining food that was being cooked unattended.\u201d<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">While the researchers were able to wake up the grill from its standby mode, manipulate the temperature, and shut it down, they were unable to identify a way to ignite the grill remotely. But the outcome of this research highlights something that is critical to ensuring the security of the Internet of Things: <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/ics-ot-security\/window-snyder-s-start-up-launches-security-platform-for-iot-device-manufacturers\" rel=\"noopener\">the ability to fix the issue<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In this case, Traeger has automatic firmware updates for its grills. 
This means that all Traeger grills affected by the insufficient authorization controls vulnerability and connected to the Internet have already been updated, without needing the grill owner to take any action. The challenge with the Internet of Things has always been what to do when vulnerabilities are found \u2014 users are not going to download updates and then figure out how to load them into devices like refrigerators, cameras, and, in this case, grills. The fact that Traeger handles the task so that grill owners don\u2019t have to is critical. More manufacturers have to develop update mechanisms to make it <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/iot\/securing-iot-devices-requires-a-change-in-thinking\" rel=\"noopener\">safe for users to use<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> so many of these Internet-capable systems.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">One thing to note, however, is that any potential attacker would first need the target grill\u2019s unique 48-bit identifier. This limits the pool of attackers to one near at hand \u2014 close enough to capture network traffic while the grill is being paired with the app, or close enough to scan the QR code on a sticker located on the grill. 
This highlights the second thing about potential attacks against the Internet of Things: keeping an eye on what\u2019s happening to your devices, securing the network from guests, and keeping physical control of the devices help thwart exploitation attempts.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cBishop Fox also recommends using the physical power switch to turn off grills when not in use.\u201d That seems like a good piece of advice all around.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/iot\/any-iot-device-can-be-hacked-even-grills\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As more and more household appliances and devices become Internet-capable,<\/p>\n","protected":false},"author":12,"featured_media":4329,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-4328","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=1800%2C1013&ssl=1",1800,1013,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-
content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=1800%2C1013&ssl=1",1800,1013,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category 
tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/any-iot-device-can-be-hacked-even-grills.png?fit=1800%2C1013&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4328"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4328\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4329"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}