Have you an Aga Total Control oven? You need to read this now!

Aga Oven.

If you have an Aga Total Control cooker with the remote-control option or you’re thinking about getting one then you need to know about this.

Ken Munro a security research at Pen Test Partners has discovered a critical safety flaw with the cooker.

Hackers have the ability to turn the upmarket ovens on or off remotely without anyone knowing.

Ken was looking to purchase one of the £10,000 high end cookers when he decided to look closer at the security measures in place. On inspection, he had discovered the ovens can be exploited.

The “smart” oven can be switched on or off via the Aga app.  Whereas most smart devices use Wi-Fi to communicate over the internet, the Aga oven has a SIM card with its own number hidden inside of it so it can communicate via text messages.

Not any kind of encrypted special verified message, just your regular every day run of the mill SMS message. All it takes is for someone to discover the ovens phone number and they’re in.

With a little bit of investigation and the right message format anyone, anywhere can send a message to the oven and control it like so;

Aga Oven Text Command.

Unverified, unencrypted SMS commands used to exploit the cooker.

Ken has provided feedback to Aga on this and how they can patch the problem. Aga have advised that they are looking into it. Watch this space.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: