Thermomix TM5 Vulnerabilities Enable Remote Takeover by Attackers

Researchers have uncovered multiple vulnerabilities in the Thermomix TM5, a multifunctional kitchen appliance from Vorwerk, allowing attackers to potentially achieve remote takeover through firmware manipulation and persistent code execution.

The device’s main board, powered by a Freescale/NXP i.MX28 SoC with ARM926EJ-S core, integrates a NAND flash (Toshiba TC58NVG0S3HTA00) and DDR2 SDRAM, which were dumped and examined after removing conformal coating.

Critical Flaws in Firmware

The NAND uses a custom GPMI controller with metadata interleaving for integrity, complicating direct reads, but tools like imx-nand-tools enabled extraction of the boot control blocks (BCBs), including Firmware Configuration Blocks (FCBs) and Discovered Bad Block Tables (DBBTs), protected by software ECC.

This revealed encrypted file systems and keys, such as the AES-128 CBC encryption in /opt/cookey.txt, used for decrypting “cook sticks” magnetic USB modules containing recipe databases.

By reverse-engineering the kernel’s Data Co-Processor (DCP) driver, hardcoded cmp_key and act_key were extracted, facilitating decryption of cook stick ext4 partitions with cryptsetup, exposing signed SQLite databases (ext.sdb) and themed image assets, though signatures prevent easy modifications.

Further dissection of the Cook Key accessory, which enables Wi-Fi connectivity and cloud recipe downloads, identified it as a USB hub with a PIC16F1454 LED controller, Marvell 88W8786U WLAN module, and unencrypted UDP flash drive hosting ext4 partitions with firmware updates (tm5.img).

Exploitation Paths

Emulation via custom PCBs and Raspberry Pi setups allowed testing of virtual devices, bypassing hardware needs.

The firmware update process, handled by /usr/sbin/checkimg, employs AES-EAX encryption with RSA-signed sections but leaves nonces and tags unsigned, enabling tampering.

Attackers can manipulate nonces to control the first plaintext block, brute-forcing padding bytes to set force_flag=1 in the version section, thus bypassing anti-downgrade protections for versions before 2.14.

According to the Report, this exploits the known AES key extracted from checkimg, inverting OMAC and AES to derive custom nonces, as demonstrated in Python scripts that forge version dates like “197001010000” while recomputing tags.

Chained with incomplete secure boot lacking rootfs integrity checks despite DCP-encrypted bootstreams attackers can patch the rootfs for persistence.

By extracting and modifying update files, including hijacking checkimg to accept custom RSA signatures, arbitrary code execution is achieved post-reboot via scripts like /opt/update.sh.

The boot process, loading from ROM without dm-verity, decrypts sections using OTP-burned keys retrievable via kobs-ng, exposing the Linux kernel (v2.6.35.14) for further analysis.

These flaws stem from tamperable nonces, extractable AES keys, and absent rootfs verification, potentially allowing remote exploitation if initial physical access is gained via emulated devices or cloud vectors, though impacts are limited by the device’s low-power profile and lack of sensors.

Vorwerk patched section swapping in version 2.14 by binding signatures, but earlier models remain vulnerable.

Users should update firmware and monitor for unauthorized accessories to mitigate risks, highlighting the need for robust cryptographic bindings and comprehensive secure boot in IoT appliances.

Stay Updated on Daily Cybersecurity News. Follow us on Google News, LinkedIn, and X.