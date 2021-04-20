That everything is connected has its charm in various settings, but it also poses risks. It is just what has been evident in an air fryer from the firm Cosori.

Cybersecurity experts at Cisco Talos have discovered two vulnerabilities that allow remote code execution and thus take control of the functions of the fryer.

Deep fryers can also be hacked

This air fryer (without oil) is currently available in online stores, but it may not be a very good idea to buy it, especially knowing that an attacker could end up taking advantage of the aforementioned vulnerabilities to control it remotely.

Cisco Talos explains that these security flaws “could hypothetically allow an adversary to change temperatures, cooking times and settings the air fryer, or turn it on without the user knowing. “

To take advantage of these vulnerabilities, yes, the attacker must be able to have physical access to the fryer: this is when you can send a very special package with a JSON code that allows you to execute arbitrary code.

Those responsible for the discovery informed the manufacturer following their policy of disseminating security flaws, but after 90 days without Cosori correcting the fault —Which is still present— have decided to reveal the problem.

