AGA COOKER owners are being targetted by an app that could give a hacker remote access to their oven.
Ken Munro, of cyber security company Pen Test Partners, was in the process of upgrading his oven when he found some serious vulnerabilities in the code that allows remote control of the device.
The iTotal Control system has been around for five years, but Mr Munro found that the text message system used by the oven isn't authenticated on receipt, and the SIM card in the cooker…
… let's make a dutiful and poignant pause there. The SIM CARD in the COOKER… FFS… Anyway…
…isn't authenticated either. Plus the password for the cooker can be as little as five characters, which makes a forced entry pretty easy, with plain text sending of email addresses to add to the fun.
Mr Munro has tried to contact Aga about the problems, but so far he hasn't been able to speak to anyone.
Potential disastrous consequences of hacking a middle-class oven include
- overcooked red velvet cupcake
- sticky tarragon infused couscous
- inclement kitchen temperature/humidity
- loss of social status during cheese and wine tastings
- mockery for having a stupid cooker
"Aga Rangemaster operates its Aga TC phone app via a third party service provider," Aga said in a statement to Auntie Beeb.
"Security and account registration also involves our [machine to machine] provider.
"We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised."
Aga hasn't commented on Mr Morgan's situation specifically.
The big picture with this matter is the SMS/SIM system is also used by smart meter companies to upload meter readings, however, the standards required for smart meters are significantly more stringent than this.
Pretentious middle-class families are warned that if they feel that they are in a situation where someone might want to undermine their souffle, they should remove the SIM card from their oven, have a cup of Fennel and Cranberry Peace Tea, eat a star fruit and get some fricking perspective.
Look here for some better IoT devices. µ
But not they saw paid-for advertising
INQ takes a nosey around before it opens to the public on Friday
UK regulator says it has 'huge concerns' about the breach
Chancellor also says he'll crack the whip on tax avoiding tech firms