Hackers could ruin your next cookout if you own one of these smart grills — update right now

Someone grilling food in the backyard
(Image credit: Shutterstock)

If you’re thinking of firing up your grill for a 4th of July BBQ today, I’ve got bad news for you. A new high-severity vulnerability in some of the best grills from Traeger can be exploited by hackers to completely ruin your cookout.

As reported by The Register, a security consultant at Bishop Fox recently discovered two security flaws along with some other issues in several Traeger smart grills and detailed their findings in a blog post. The grills in question have a Traeger Grill D2 Wi-Fi Controller module that allows them to be controlled using a mobile app.

Of these vulnerabilities, one has a high severity score of 7.1, while the other is less severe, with a score of 4.3. Still, if exploited by an attacker, these flaws can be used to change temperature controls or shut down a grill before a cook is finished.

The first flaw is an insufficient authorization control issue that can be used to capture network traffic while someone is pairing their grill with Traeger’s app. For this vulnerability to be exploited, an attacker must know the unique 48-bit identifier of the grill they’re targeting. However, this identifier can also be obtained by scanning a QR code located inside the grill’s pellet hopper.

Either way, an attacker must be relatively close to a vulnerable Traeger grill to pull this off. If you haven’t upset anyone with a background in cybersecurity or hacking, you and your 4th of July cookout should be safe. Still, you will want to update your Traeger grill sooner rather than later to avoid falling victim to such an attack.

How to update your Traeger grill

A Traeger grill on a deck

(Image credit: Traeger)

After Bishop Fox security consultant Nick Cerne discovered these flaws and reported them to Traeger, the company updated the firmware of its grills to patch both vulnerabilities. However, there are a few steps you’ll need to take to apply these updates to your Traeger grill.

Instead of needing to be updated manually, the company’s grills update on their own whenever new software is available. For this process to work, though, your grill must be plugged in with the power button in the ON position while connected to Wi-Fi. Your Traeger grill will attempt to update automatically four times. If it fails during this process, the grill will not try again until the next update is available.

If you need extra help updating your Traeger grill, this support page has everything you need to know about the update process.

Smart devices may be convenient, but they can also put you at risk if you don’t install the latest updates when they become available. This is why you should periodically check to see if any new updates have been released. In this case though, that means leaving your Traeger grill on in standby mode and connected to Wi-Fi at least once a month.

More from Tom's Guide

Contract Length
Showing 2 of 2 deals
Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

  • USAFRet
    Q1: Why do you have/need a 'smart grill'?

    I grill 3-4-5 times a week, and never once, in the history of ever, has my grill been 'hacked'.
    Simply because it does not have, nor do I need, that "functionality".
  • COLGeek
    USAFRet said:
    Q1: Why do you have/need a 'smart grill'?

    I grill 3-4-5 times a week, and never once, in the history of ever, has my grill been 'hacked'.
    Simply because it does not have, nor do I need, that "functionality".
    Exactly! Not all things need to be "smart".