Chinese Air Fryers May Be Spying on Consumers, Which? Warns

November 11, 2024

IoT devices have become a known attack vector in recent years, largely due to the fact that they lack many of the security protections internet-facing devices are meant to have. However, even with this awareness, few people expect their kitchen appliances to be actively working against them. The UK consumer rights group Which? (hereafter simply Which) is alleging that certain smart kitchen appliances from Chinese manufacturers are doing just that, claiming to have found evidence of excessive smart device surveillance. The products in question are smart air fryers from the companies Xiaomi, Cosori and Aigostar. These smart devices are intended to pair with phone applications so that the user can remotely control and monitor their air fryer. According to Which, these applications ask for permissions far beyond what is necessary for their operation. Their report states that Xiaomi, Cosori, and Aigostar air fryers all wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone. In addition, the Xiaomi app allegedly connected the device to ad trackers from Facebook, the Pangle ad network from TikTok, and domains belonging to Tencent, depending on the location. Aigostar’s application wanted to know the gender and date of birth of the owner when creating an owner account, and Which alleges this information is sent back to servers in China.

These air fryers are not the only devices scraping information beyond their requirements. Which also accused Huawei of requesting phone permissions it dubbed as risky when setting up its Ultimate smart watch, including precise location, audio recording, access to stored files, and the ability to see other apps installed. Overly permissive data access is a personal data integrity issue in itself, but equally problematic is its ability to be utilized by a threat actor for attack purposes. Digitally connected heating systems have been used to compromise networks before, and an air fryer, a smart watch, or a refrigerator could easily lead to a similar circumstance if not sufficiently protected.

More from Blackwired

December 16, 2024

CISOs need to consider the personal risks associated with their role

CISOs face personal liability for cybersecurity incidents, boosting accountability but increasing stress and deterring professionals.

Read more
December 9, 2024

The Shocking Speed of AWS Key Exploitation

AWS keys exposed online are exploited in minutes, highlighting the need for faster detection and response to prevent breaches.

Read more
December 2, 2024

Advanced Cyberthreats Targeting Holiday Shoppers

The holiday season sees increased e-commerce scams, with AI-driven phishing, fake sites, and data theft targeting consumers and businesses.

Read more