Latest in Gear

Image credit: Bloomberg via Getty Images

Luxury AGA ovens aren't safe from hackers

Owners can switch their oven on and off via a text message, but so can an attacker.
Matt Brian, @m4tt
04.13.17 in Home
298 Shares
Share
Tweet
Share
Save

Sponsored Links

Bloomberg via Getty Images

In the kitchen, nothing screams "I have money" like an AGA. The expensive British-made cast-iron stoves (or cookers, depending on where you're from) have barely changed in terms of looks much over the last century, but they have got smarter. Thanks to the company's iTotal Control technology, owners of certain models -- costing $10,000 and upwards -- have been able to switch their oven on and off via an app or by sending it a simple text message. It's no doubt helped them remotely prepare dinner, but a security flaw in the system has also left them open to mischievous third parties.

A new report from security experts Pen Test Partners takes issue with some AGA models that come with a built-in SIM card and mobile radio. Each oven has its own mobile phone number, which owners must pay an extra $7.50 or £6 a month for. Due to a lack of security on the Aga web app, attackers can effectively spam the login form to gain a list of eligible phone numbers and send requests to unsuspecting households. As the company doesn't check who is sending the text request, attackers potentially have full control.

To be clear, the exploit isn't going to cause much harm. However, AGA are notoriously power hungry and take a long time to heat up. The likely damage would be an inflated power bill or a ruined dinner party. Pen Test Partners notes that a simple WiFi module and mobile app would do the trick, rather than a system that can be impacted by poor mobile signals and unauthenticated text messages.

AGA initially neglected to address the concerns but has today issued a statement saying that the platform is supported by a separate company and that it's looking into the issue: "We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised."

In this article: aga, cooker, flaw, gear, home, internet, IOT, oven, range
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
298 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
iFixit examines the 16-inch MacBook Pro's 'throwback' keyboard design

iFixit examines the 16-inch MacBook Pro's 'throwback' keyboard design

View
Spotify's latest feature creates a playlist for your road trip

Spotify's latest feature creates a playlist for your road trip

View
Google's Files app now streams local media to your Chromecast

Google's Files app now streams local media to your Chromecast

View
Porsche’s Taycan lives up to its EV hype

Porsche’s Taycan lives up to its EV hype

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr