Latest in Gear

Image credit:

Luxury AGA ovens aren't safe from hackers

Owners can switch their oven on and off via a text message, but so can an attacker.
Matt Brian, @m4tt
April 13, 2017
Share
Tweet
Share

Sponsored Links

Bloomberg via Getty Images

In the kitchen, nothing screams "I have money" like an AGA. The expensive British-made cast-iron stoves (or cookers, depending on where you're from) have barely changed in terms of looks much over the last century, but they have got smarter. Thanks to the company's iTotal Control technology, owners of certain models -- costing $10,000 and upwards -- have been able to switch their oven on and off via an app or by sending it a simple text message. It's no doubt helped them remotely prepare dinner, but a security flaw in the system has also left them open to mischievous third parties.

A new report from security experts Pen Test Partners takes issue with some AGA models that come with a built-in SIM card and mobile radio. Each oven has its own mobile phone number, which owners must pay an extra $7.50 or £6 a month for. Due to a lack of security on the Aga web app, attackers can effectively spam the login form to gain a list of eligible phone numbers and send requests to unsuspecting households. As the company doesn't check who is sending the text request, attackers potentially have full control.

To be clear, the exploit isn't going to cause much harm. However, AGA are notoriously power hungry and take a long time to heat up. The likely damage would be an inflated power bill or a ruined dinner party. Pen Test Partners notes that a simple WiFi module and mobile app would do the trick, rather than a system that can be impacted by poor mobile signals and unauthenticated text messages.

AGA initially neglected to address the concerns but has today issued a statement saying that the platform is supported by a separate company and that it's looking into the issue: "We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised."

In this article: aga, cooker, flaw, gear, home, internet, IOT, oven, range
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
The best laptop deals we found for Cyber Monday

The best laptop deals we found for Cyber Monday

View
Scientists might know why astronauts develop health problems in space

Scientists might know why astronauts develop health problems in space

View
The best Cyber Monday tech deals that are worth your money

The best Cyber Monday tech deals that are worth your money

View
Apple's MacBook Air M1 drops to $899 for Cyber Monday

Apple's MacBook Air M1 drops to $899 for Cyber Monday

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr