Aga security flaw might allow hackers to turn ovens on and off
Agas are at risk of being turned on and off by hackers, according to a security researcher who discovered problems with the company’s cookers.
Ken Munro is a security researcher at Pen Test Partners who criticized Aga regarding the safety of their line of app-controled ovens, according to Telegraph. “I wanted to know more about its security before spending extra on this option,” Munro said. “We found that even Agas can be hacked. Seriously”.
The issue is related to the way the mobile app communicates with the ovens. Aga’s app sends text messages to a SIM card embedded in the ovens, unlike most smart devices, that connect via Internet. When a user wants to turn on the oven, they indicate this in the app and a text message is sent to the oven.
Munro thinks that the current system can be hacked easily, with hackers having to send messages to Agas that do not belong to them, thus turning them on or off. He notes that the cookers can’t be turned on or off in a dangerous capacity.
“You probably know it takes hours for an Aga to heat up. Switch it off, annoy the hell out of people,” said Munro. “One could also power up people’s Agas when they’re not looking, wasting electricity. They draw around 30 Amps in full heat-up mode, so if you could switch enough Agas on at once, one could cause power spikes. That’s a bit fanciful though”.
The security researcher is not happy with the company’s slow response and demands Aga to “sort it out”. He also said that the firm blocked him on Twitter. He suggests that the system could be improved by replacing the text message system with a secure Wi-Fi communications one.
Aga responded: “We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised.”