The kitchen robot with a hidden microphone and a vulnerable Android version

The francophone media are all the rage with the story of Monsieur Cuisine Connect, a kitchen robot sold by low-cost supermarket chain Lidl. MCC contains a tablet-like device as a touch-screen control interface; it runs Android, and it turned out to be quite simple to hack. As hackers took the kitchen robot apart in search of new cools hacks, they discovered a microphone, of which no mention was made in the marketing literature, nor in the product documentation.

The microphone was not simply forgotten in the tablet around which the MCC is built. It is mounted outside of the table, secured to the chassis for a clearer, unmuffled sound. The chassis itself has a small hole in correspondence of the microphone, for even better results. In engineering terms, this is a smoking gun: the manufacturer wanted Monsieur Cuisine Connect to be able to listen in.

Even worse, MCC runs Android 6, which has important unfixed vulnerabilities. At the time of hitting the market (2019), those vulnerabilities were already well known (the final Android 6 security patch was released in 2017).

C’est ne pas de la paranoia, […] c’est just qu’il faut toujours être préparés au pire […] avoir conscience d’avoir commercialisé ces produits sans faire attention à tout ce qu’il y a autour.

(The video is in French)

4 Likes

I remember the time when such stuff was the realm of conspiracy theories. Not anymore:

There should be some sort of award given for ‘most cynical new product.’

1 Like

Wow, that’s quite a revelation about the Monsieur Cuisine Connect! :open_mouth: