A few months after the launch of the TM7 model, French cybersecurity experts managed to hack a Thermomix TM5.
The arrival of a new Thermomix model is rare enough to be worth noting. The TM7, which we tested, was launched a few months ago, six years after the famous TM6.
It was in this context that French cybersecurity experts from the company Synacktiv managed to hack the older Thermomix TM5, now ten years old. The German manufacturer Vorwerk has authorized the publication of this study.
The Thermomix TM5 in the face of “critical” vulnerabilities
The cybersecurity experts began with a hardware study of the machine, which is more complex than it seems.
- i.MX28 processor
- 128 MB of NAND flash memory
- 1 GB of DDR2 RAM
These components, comparable to those of an old smartphone, allow the machine to run a lightweight GNU/Linux distribution.
The magnetic “Cook Sticks” modules, used to add recipe libraries to the device, turn out to be simple modified USB keys embedded in a plastic shell.
Here again, surprise: it is a standard USB device that incorporates a USB hub and a Wi-Fi controller. So standard that the experts were able to make their own version by modifying the Wi-Fi 360 Wi-Fi adapter, which uses the same chip!
Disassembly of a cook stick // source: synacktiv
With these USB keys and the update system, the experts managed to exploit the flaws of the machine, bypassing the protections.
This discovery shows that behind a proprietary appearance, many connected objects use standard components. It is a logical practice to reduce costs, but one that can open up security flaws.
Once connected to Wi-Fi, the researchers were able to perform a fake firmware update. The principle is relatively complex: they recovered the encryption key by extracting the content of the flash memory chips, then created a modified update that the device accepts despite the security measures in place.
Synacktiv identified three specific flaws in the security of the TM5, which have since been corrected by Vorwerk. Following this experience, the French company praised the responsiveness of Vorwerk, the Thermomix manufacturer.
We would like to thank Vorwerk for its responsiveness following our disclosure of vulnerabilities, as well as for authorizing this publication.
But don’t panic in your kitchens! This hack requires full physical access to the device and poses no real danger to users.
The TM5 has a fairly dated CPU, has no microphone or camera, and by default does not connect to the local network. It is difficult to imagine a spying scenario with such a device. At worst, a hacker could change your recipes, but he would need access to your kitchen …