Hackers Can Target Aga Ovens, Heating Up IoT Security Concerns

The issue of security in the modern household in a Internet of Things (IoT) world has been raised after a researcher found that that high-end Aga cookers can be compromised by hackers.

The modern version of these ovens now come with a system (called ‘Total Control’) that allows the user to remotely control their kitchen appliance.

But unfortunately it seems that while Aga may make some good ovens, the company has very little idea on how to properly secure their system.

Half Baked Security

The problem stems from the fact that the system that Aga uses consists of both a radio module and and a GSM SIM connected to the Orange / EE network (at £6 per month). It is controlled either by a web or smartphne app.

According to PenTestPartners, the mobile app communicates over plain text HTTP, and the Android version “explicitly disables certificate validation.”

But digging deeper, it seems that the physical module is controlled by sending text messages to the cooker.

“That’s really quite an odd concept, particularly as many Agas are in remote locations in the country so don’t have great mobile reception,” blogged the researchers.

And they pointed out a number of fundamental problems with Aga’s Web application, as the login and registration page is all carried out over plain HTTP. And the password is only five characters long.

Another problem is that there is no link sent to validate the number or the account.

“All you have to do is simply send a text message to the Aga. We didn’t, but it would be trivial for less ethical culinary threat actors to do so,” the researchers warned. “You probably know it takes hours for an Aga to heat up. Switch it off, annoy the hell out of people.”

And the researchers slammed the disclosure process of Aga, saying they had tried everything possible to communicate the problem to them.

“Come on Aga, sort it out. This isn’t acceptable,” the researchers said. “Get rid of the silly SMS based remote control module and put in a nice secure Wi-Fi enabled module with mobile app.”

IoT Risks

With the increasing connectivity of many households today, security risks associated with smart home products are set to become increasingly common.

In February for example an IBM researcher warned that Internet-connected cars share the security shortcomings of other IoT-connected devices.

The researcher was able to remotely control his car – including remotely unlocking it – years after he had traded it in.

In January two security firms (Intel and BitDefender) revealed products to help safeguard the growing numbers of smart homes.

Quiz: What do you know about cybersecurity in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

US Senate Criticises Amazon Over Warehouse Safety

Senate study finds Amazon did not implement protections recommended by internal studies over risk they…

27 mins ago

US Lawmaker Calls For Drone Detection Tech After Runway Closure

US senate majority leader calls for federal deployment of drone detection technology after drone sightings…

57 mins ago

TikTok Shop US Sales Surpass Shein, Sephora

After launching in September 2023, TikTok Shop rises to broad popularity with US sales surpassing…

1 hour ago

China Chip Investment Plummets Amidst US Restrictions

Investment in China's semiconductor industry falls by one-third this year as US tightens restrictions, state…

2 hours ago

Bitcoin Hits New High Over $107,000 On Trump Comments

Bitcoin surges more than 5 percent after Trump reaffirms plans for national strategic crypto reserve,…

2 hours ago

Ofcom Gives Tech Firms Three Months To Implement Content Controls

Ofcom publishes codes of practice for tech platforms to comply with Online Safety Act, with…

3 hours ago