News: 1720023849

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Traeger security bugs bad news for grillers with neighborly beef

(2024/07/03)


Keen meatheads better hope they haven't angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks.

With summer in full swing in the northern hemisphere, it means BBQ season is upon us, and with Traeger being one of the most trusted brands in grilling and smoking, there's a good chance that many backyard cookouts could be ruined if crafty crims have their way.

We need to talk about criminal adversaries who want you to eat undercooked onion rings [1]READ MORE

Nick Cerne, security consultant at Bishop Fox, [2]discovered a few weaknesses in certain Traeger grills, ones that have the Traeger Grill D2 Wi-Fi Controller installed – an embedded device allowing a grill to be controlled using a mobile app.

Successful exploits could allow a remote attacker to execute day-ruining commands such as temperature change controls or shutting down the grill altogether.

Some meat enthusiasts will meticulously time their cooks for perfect, smoky, fall-off-the-bone meat, with some cooks spanning hours, deep into the early morning before leaving the final product to rest.

[3]

Should the temperature be adjusted mid-cook from a gentle low flame to searing heat, it could be the difference between a backyard gathering for the ages and the worst day of a host's year.

[4]

[5]

The first vulnerability in question concerns the [6]API responsible for grill registration. Bishop Fox assigned it a severity score of 7.1 (high) and it has no CVE ID. The flaw is classed as an insufficient authorization control issue (CWE-284). This is what allows an attacker to potentially mess with a grillmaster's work.

For starters, any would-be attacker would need to know the target grill's unique 48-bit identifier, which could feasibly be carried out by capturing network traffic while the griller tries to pair the grill with their app.

[7]

Realistically, you'd need eyes on the Traeger owner's garden to know exactly when this is happening, so the attack may only be limited to irked neighbors in this regard.

The other way of obtaining that identifier is by scanning the [8]QR code on a sticker located inside the grill's pellet hopper. With this in mind, the number of potential attackers extends beyond a small number of neighbors to anyone who's visited the grillmaster's home (and been able to suspiciously skulk around the grill, smartphone in hand, all while avoiding any questions from onlookers).

Bishop Fox went tested the exploit using an employee's grill that wasn't accessible to the researchers. To get the ball rolling, they retrieved a pairing token from the Traeger API after making a POST request and registered it to an [9]AWS IoT Cognito identity.

[10]

From there, researchers were able to push commands to the device remotely from its AWS application. They were able to force the grill into engaging its shutdown sequence, which can last between 15-25 minutes and is recommended by the manufacturer to avoid grill fires and equipment damage.

[11]

Photo of a Traeger grill entering its shutdown cycle after researchers discovered a way to control it remotely – courtesy of Bishop Fox

[12]Shocker: EV charging infrastructure is seriously insecure

[13]Microsoft fixes the fix for the Windows Server 2019 NTLM problem

[14]'Mirai-like' botnet observed attacking EOL Zyxel NAS devices

[15]UK lays down fresh legislation banning crummy default device passwords

While this wouldn't be the most catastrophic thing to happen – the owner's equipment would be powered off safely – it could ruin a long cook that the owner has slaved over for hours if the temperature dies for too long.

[16]

Photo of the block of tofu burnt by researchers remotely controlling a Traeger grill – courtesy of Bishop Fox

A more conniving trick would be to crank up the temperature and burn whatever food is inside the grill to a crisp, which is exactly what Bishop Fox did to a block of tofu, changing the temperature to 500 degrees from the recommended 165 and consequently incinerating it.

We asked Traeger for a statement but it didn't immediately respond.

A second, less severe vulnerability (4.3 – medium) was also disclosed by Bishop Fox after researchers found a way to remotely force Traeger's GraphQL API to list every grill registered with the manufacturer with a short POST request.

The response would include various details about each grill such as its serial number, name, description, and more. It's not quite as sexy as the first one, in truth.

As for fixing these bugs, grillmasters needn't worry. Traeger has already upgraded its firmware, which will be applied automatically with no intervention required from owners.

The manufacturer also disabled the ListGrills function that underpinned the second vulnerability, so that's all sorted now too. Just in time for that July 4 barbecue in the US, or a wet steak amid the humid drizzle on UK election day. ®

Get our [17]Tech Resources



[1] https://www.theregister.com/2021/04/20/cisco_talos_corosi_fryer_flaws/

[2] https://bishopfox.com/blog/traeger-wifi-controller-advisory

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZoXKA@@eIPMoaCk3qbrLFgAAAAY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZoXKA@@eIPMoaCk3qbrLFgAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZoXKA@@eIPMoaCk3qbrLFgAAAAY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2022/05/25/why_apis_matter/

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZoXKA@@eIPMoaCk3qbrLFgAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[8] https://www.theregister.com/2024/06/17/asia_qr_code_obsession/

[9] https://www.theregister.com/2024/05/03/vmc_on_aws_changes/

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZoXKA@@eIPMoaCk3qbrLFgAAAAY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[11] https://regmedia.co.uk/2024/07/03/traeger_grill_shutdown_bishop_fox.jpg

[12] https://www.theregister.com/2022/11/15/ev_charging_infrastructure_sandia/

[13] https://www.theregister.com/2024/05/24/microsoft_patch_patch/

[14] https://www.theregister.com/2024/06/24/mirailike_botnet_zyxel_nas/

[15] https://www.theregister.com/2024/04/29/uk_lays_password_legislation/

[16] https://regmedia.co.uk/2024/07/03/ruined_tofu_bbq_bishop_fox.png

[17] https://whitepapers.theregister.com/



Wifi controlled barbecue problem?

Doctor Syntax

First world problem. You get what you pay for, it's just that it isn't always what you thought it would be.

Re: Wifi controlled barbecue problem?

gv

"Your bbq-ers were so preoccupied with whether they could, they didn't stop to think if they should."

Re: Wifi controlled barbecue problem?

brett_x

Yes, it's a first world problem. But I bought a different brand without WiFi and pretty much immediately regretted it. When you have an expensive slab of meat on the fire for sometimes 12+ hours and a plan to feed a bunch of people with it, it is really good to get alerted to any problems (like you ran out of pellets) along the way.

There are plenty of other tech extras that don't quite add up to the value of this one.

Re: Wifi controlled barbecue problem?

abend0c4

I take it you don't have M&S over there.

Re: Wifi controlled barbecue problem?

Korev

I don't think Percy Pigs BBQ very well...

Re: Wifi controlled barbecue problem?

xyz

Ffs... Seriously, there's an app for that? The whole point of a bbq is to get ratted, eat rawish meat and see if you can get laid.

I mean what does everyone do... Sit in silence, watching a realtime IR video stream and send each other whatsapps or are they in different cities watching virtual meat being cooked or do they have their own "loser" portion of bbq meat and a mini slave bbq tied to the master bbq. Meanwhile bbq manufacturers are selling your data to advertisers before being bought out by META's meat division etc etc.

Mercuns need to stop buying shit.

brett_x

>> A second, less severe vulnerability (4.3 – medium) was also disclosed

I think medium is 5 or above. 4.3 seems like medium-rare.

IoT

Anna Nymous

In IoT, the S stands for Security, and the P for Privacy.

madness

Mage

What's the point of a BBQ that's not charcoal purely manually operated? Though years ago I also used both peat (turf) and peat briquettes on occasions. My dad used to simply use the bin lid upside down and the back door scraper on top. Both hosed first.

Korev

A more conniving trick would be to crank up the temperature and burn whatever food is inside the grill to a crisp, which is exactly what Bishop Fox did to a block of tofu, changing the temperature to 500 degrees from the recommended 165 and consequently incinerating it.

Celcius or Kelvin?

Doctor Syntax

Maybe the recommended was to chill.

What's the f****ing point?

Terry 6

It's a barbecue.

You have the f and f round, you cook and eat* meat and stuff outside, rather than someone being stuck in a kitchen, so that you can be sociable and eat a special kind of smokey food outdoors. And it's quite fun.Why the hell would you want to make that simple low-tech pleasure into a serious techfest?

*Except when, in the UK, you grab the stuff off the BBQ and head inside as the rain starts.

PB90210

I'm worried this could also affect my wi-fi enabled pencil sharpener!

Where will this all end?

If you've done six impossible things before breakfast, why not round it
off with dinner at Milliway's, the restaurant at the end of the universe?
-- Douglas Adams, "The Restaurant at the End of the Universe"