Chinese Air Fryers May Be Spying on Consumers, Which? Warns

November 11, 2024

IoT devices have become a known attack vector in recent years, largely because they lack many of the security protections internet-facing devices are meant to have. Even with this awareness, few people expect their kitchen appliances to be actively working against them. The UK consumer rights group Which? (hereafter simply Which) is alleging that certain smart kitchen appliances from Chinese manufacturers are doing just that, claiming to have found evidence of excessive smart device surveillance. The products in question are smart air fryers from the companies Xiaomi, Cosori and Aigostar. These smart devices are intended to pair with phone applications so that the user can remotely control and monitor their air fryer. According to Which, these applications ask for permissions far beyond what is necessary for their operation. Its report states that the Xiaomi, Cosori, and Aigostar air fryers all wanted to know customers’ precise locations and requested permission to record audio on the user’s phone. In addition, the Xiaomi app allegedly connected the device to ad trackers from Facebook, the Pangle ad network from TikTok, and domains belonging to Tencent, depending on the location. Aigostar’s application wanted to know the gender and date of birth of the owner when creating an owner account, and Which alleges this information is sent back to servers in China.

These air fryers are not the only devices scraping information beyond their requirements. Which also accused Huawei of requesting phone permissions it dubbed risky when setting up its Ultimate smart watch, including precise location, audio recording, access to stored files, and the ability to see other installed apps. Overly permissive data access is a personal data integrity issue in itself, but equally problematic is that a threat actor can use that access for attack purposes. Digitally connected heating systems have been used to compromise networks before, and an air fryer, a smart watch, or a refrigerator could easily lead to a similar outcome if not sufficiently protected.
