The Lidl connected pressure cooker robot that is currently being snapped up, the Mr. Kitchen Connect, is now causing a scandal. It reportedly embeds an undocumented working microphone and an outdated and insecure version of Android.
The Thermomix food processor from Vorwerk is the new favourite companion of lazy cooks. Choose your recipe, put your ingredients in the indicated compartments and press the button: the robot takes care of everything! The only downside is its price, which exceeds a net monthly minimum wage. So when Lidl launched an equivalent for less than 400 euros, shoppers rushed to the store to get Mr. Kitchen Connect, even causing crowds.
After investigation, Numerama discovered that this kitchen assistant from SilverCrest wasn’t as perfect as it seemed at first glance. With the help of two computer enthusiasts who bought the product, journalist Marie Turcan discovered that the Mister Cuisine Connect system is in fact based on a barely modified Android tablet. The robot is equipped with a complete set of connectors, 16 GB of storage, Bluetooth and a microphone.
This microphone could have been disconnected, or at least left muffled deep inside the robot's plastic casing. Instead, the two Frenchmen who helped Numerama in its investigation discovered not only that it is perfectly functional, but also that it is offset by a mechanical extension so that it can pick up the surrounding sounds. This is a first problem, given that this microphone is not documented anywhere by SilverCrest.
Capture from the Gauster Haus teardown video (Numerama annotations) // Source : YouTube/ Gauster Haus
This microphone could be used to add functionality in the future through a simple update of Mr. Kitchen Connect, for example to control it by voice.
In any case, this cooking robot is connected to the internet and is based on a tablet running Android 6.0 Marshmallow in its AOSP version, which doesn’t have the latest security patches. Remember that an IoT network is only as secure as its weakest link.
This is not to say that there is an exploitable flaw in this robot (if there is one, nothing has yet been found and documented in this respect). Even so, SilverCrest potentially allows access to an unsecured microphone in your home, and also potential access to your entire network.