The security risk in an app-controlled sous vide machine includes starting a fire that burns your house down.
- Sous vide normally uses a water bath at a controlled low temperature over a long period of time.
- Hike the temperature up past the boiling point, and the water is evaporated, allowing you to hike the temperature up to ignition points.
- Or, cycle the electronics fast enough to overload the power supply. If it isn't designed well, either the wall circuit blows or the power supply bursts into flame.
- In any case, the expectation of a long unattended cooking process means that human observers might not be in the loop.
It seems unlikely that the device received a UL certification without a simple thermal cutoff switch that is common even in low-end cooking appliances.
Even without deliberate hackers, the device needs to contend with software errors, running without water, or a stuck relay that could leave it boiling dry and overheating.
You just need to look at Therac-25 for a device which lacked hardware interlocks/cut-offs, had flawed/buggy software interlocks, and still received certification.
You mean I only need to look back 35 years to a professional medical device built when computer control was still very new and that wasn't intended to be operated by unskilled consumers, and wasn't certified by to be safe for home use?
Therac's often used as the "canonical" example, but there are more recent issues that stem from a lack of a physical interlock:
- VW's dieselgate (although that was intentional)
- Virgin Galactic VSS Enterprise crash
(yes, designed for a skilled operator, but still: no interlock on the brake)
- Pyranha Moulding's industrial oven [1]
- Hotpoint tumble-dryers catching fire [2]
Even without network connectivity, household products still get recalled for issues such as fire risk, because they lack things like thermal cutoffs, or the cutoff is in some way inadequate.
Perhaps 35 years ago computer control was still very new, but right now, IoT is very new, so there's a whole new world of mistakes to learn from, and the evidence is very clear: serious mistakes are being made.
- Sous vide normally uses a water bath at a controlled low temperature over a long period of time.
- Hike the temperature up past the boiling point, and the water is evaporated, allowing you to hike the temperature up to ignition points.
- Or, cycle the electronics fast enough to overload the power supply. If it isn't designed well, either the wall circuit blows or the power supply bursts into flame.
- In any case, the expectation of a long unattended cooking process means that human observers might not be in the loop.