Hackers Can Target Aga Ovens, Heating Up IoT Security Concerns

The issue of security in the modern household in a Internet of Things (IoT) world has been raised after a researcher found that that high-end Aga cookers can be compromised by hackers.

The modern version of these ovens now come with a system (called ‘Total Control’) that allows the user to remotely control their kitchen appliance.

But unfortunately it seems that while Aga may make some good ovens, the company has very little idea on how to properly secure their system.

Half Baked Security

The problem stems from the fact that the system that Aga uses consists of both a radio module and and a GSM SIM connected to the Orange / EE network (at £6 per month). It is controlled either by a web or smartphne app.

According to PenTestPartners, the mobile app communicates over plain text HTTP, and the Android version “explicitly disables certificate validation.”

But digging deeper, it seems that the physical module is controlled by sending text messages to the cooker.

“That’s really quite an odd concept, particularly as many Agas are in remote locations in the country so don’t have great mobile reception,” blogged the researchers.

And they pointed out a number of fundamental problems with Aga’s Web application, as the login and registration page is all carried out over plain HTTP. And the password is only five characters long.

Another problem is that there is no link sent to validate the number or the account.

“All you have to do is simply send a text message to the Aga. We didn’t, but it would be trivial for less ethical culinary threat actors to do so,” the researchers warned. “You probably know it takes hours for an Aga to heat up. Switch it off, annoy the hell out of people.”

And the researchers slammed the disclosure process of Aga, saying they had tried everything possible to communicate the problem to them.

“Come on Aga, sort it out. This isn’t acceptable,” the researchers said. “Get rid of the silly SMS based remote control module and put in a nice secure Wi-Fi enabled module with mobile app.”

IoT Risks

With the increasing connectivity of many households today, security risks associated with smart home products are set to become increasingly common.

In February for example an IBM researcher warned that Internet-connected cars share the security shortcomings of other IoT-connected devices.

The researcher was able to remotely control his car – including remotely unlocking it – years after he had traded it in.

In January two security firms (Intel and BitDefender) revealed products to help safeguard the growing numbers of smart homes.

Quiz: What do you know about cybersecurity in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

13 hours ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

14 hours ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

16 hours ago

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

17 hours ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

20 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

21 hours ago