Chinese Air Fryers May Be Spying on Consumers, Which? Warns

November 11, 2024

IoT devices have become a known attack vector in recent years, largely due to the fact that they lack many of the security protections internet-facing devices are meant to have. However, even with this awareness, few people expect their kitchen appliances to be actively working against them. The UK consumer rights group Which? (hereafter simply Which) is alleging that certain smart kitchen appliances from Chinese manufacturers are doing just that, claiming to have found evidence of excessive smart device surveillance. The products in question are smart air fryers from the companies Xiaomi, Cosori and Aigostar. These smart devices are intended to pair with phone applications so that the user can remotely control and monitor their air fryer. According to Which, these applications ask for permissions far beyond what is necessary for their operation. Their report states that Xiaomi, Cosori, and Aigostar air fryers all wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone. In addition, the Xiaomi app allegedly connected the device to ad trackers from Facebook, the Pangle ad network from TikTok, and domains belonging to Tencent, depending on the location. Aigostar’s application wanted to know the gender and date of birth of the owner when creating an owner account, and Which alleges this information is sent back to servers in China.

These air fryers are not the only devices scraping information beyond their requirements. Which also accused Huawei of requesting phone permissions it dubbed as risky when setting up its Ultimate smart watch, including precise location, audio recording, access to stored files, and the ability to see other apps installed. Overly permissive data access is a personal data integrity issue in itself, but equally problematic is its ability to be utilized by a threat actor for attack purposes. Digitally connected heating systems have been used to compromise networks before, and an air fryer, a smart watch, or a refrigerator could easily lead to a similar circumstance if not sufficiently protected.

More from Blackwired

July 2, 2025

SquareX: Browser AI Agents Are The Weakest Link

Browser AI agents pose major security risks, often falling for phishing and OAuth attacks due to lack of built-in safeguards.

Read more
June 25, 2025

US Homeland Security warns of escalating Iranian cyberattack risks

US-Iran conflict escalates; DHS warns of rising cyber, terror threats from Iran, allies, and hacktivists targeting US infrastructure.

Read more
June 18, 2025

CISA Issues Comprehensive Guide to Safeguard Network Edge Devices

New global guidance urges stronger edge device security to counter rising zero-day threats—focus on logging, MFA, and hardening.

Read more

© 2024 Blackwired. All Rights Reserved.