If you have an Aga Total Control cooker with the remote-control option or you’re thinking about getting one then you need to know about this.
Ken Munro a security research at Pen Test Partners has discovered a critical safety flaw with the cooker.
Hackers have the ability to turn the upmarket ovens on or off remotely without anyone knowing.
Ken was looking to purchase one of the £10,000 high end cookers when he decided to look closer at the security measures in place. On inspection, he had discovered the ovens can be exploited.
The “smart” oven can be switched on or off via the Aga app. Whereas most smart devices use Wi-Fi to communicate over the internet, the Aga oven has a SIM card with its own number hidden inside of it so it can communicate via text messages.
Not any kind of encrypted special verified message, just your regular every day run of the mill SMS message. All it takes is for someone to discover the ovens phone number and they’re in.
With a little bit of investigation and the right message format anyone, anywhere can send a message to the oven and control it like so;
Ken has provided feedback to Aga on this and how they can patch the problem. Aga have advised that they are looking into it. Watch this space.